authenticate: 

U.S. GOVERNMEN 
INFORMATION 


GP< 



S. Hrg. 108-886 


BANK SECRECY ACT ENFORCEMENT 


HEARING 


BEFORE THE 


COMMITTEE ON 

BANKING, HOUSING, AND URBAN AFFAIRS 
UNITED STATES SENATE 


ONE HUNDRED EIGHTH CONGRESS 


SECOND SESSION 


ON 


EFFORTS TO ENSURE COMPLIANCE AND ENFORCEMENT OF THE BANK 
SECRECY ACT, ENACTED IN 1970, WHICH AUTHORIZES THE SEC- 
RETARY OF THE TREASURY TO ISSUE REGULATIONS REQUIRING 
THAT FINANCIAL INSTITUTIONS KEEP RECORDS AND FILE REPORTS 
ON CERTAIN FINANCIAL TRANSACTIONS, FOCUSING ON ANTI-MONEY 
LAUNDERING AND ISSUES CONCERNING DEPOSITORY INSTITUTION 
REGULATORY OVERSIGHT 


JUNE 3, 2004 


Printed for the use of the Committee on Banking, Housing, and Urban Affairs 



Available at: http://www.access.gpo.gov/congress/senate/senate05sh.html 


U.S. GOVERNMENT PRINTING OFFICE 


25-956 PDF 


WASHINGTON : 2006 


For sale by the Superintendent of Documents, U.S. Government Printing Office 
Internet: bookstore.gpo.gov Phone: toll free (866) 512—1800; DC area (202) 512-1800 
Fax: (202) 512-2250 Mail: Stop SSOP, Washington, DC 20402-0001 


COMMITTEE ON BANKING, HOUSING, AND URBAN AFFAIRS 

RICHARD C. SHELBY, Alabama, Chairman 
ROBERT F. BENNETT, Utah PAUL S. SARBANES, Maryland 

WAYNE ALLARD, Colorado CHRISTOPHER J. DODD, Connecticut 

MICHAEL B. ENZI, Wyoming TIM JOHNSON, South Dakota 

CHUCK HAGEL, Nebraska JACK REED, Rhode Island 

RICK SANTORUM, Pennsylvania CHARLES E. SCHUMER, New York 

JIM BUNNING, Kentucky EVAN BAYH, Indiana 

MIKE CRAPO, Idaho ZELL MILLER, Georgia 

JOHN E. SUNUNU, New Hampshire THOMAS R. CARPER, Delaware 

ELIZABETH DOLE, North Carolina DEBBIE STABENOW, Michigan 

LINCOLN D. CHAFEE, Rhode Island JON S. CORZINE, New Jersey 

Kathleen L. Casey, Staff Director and Counsel 
Steven B. Harris, Democratic Staff Director and Chief Counsel 
Skip Fischer, Senior Staff Professional 
Stephen R. Kroll, Democratic Special Counsel 
Joseph R. Kolinski, Chief Clerk and Computer Systems Administrator 
George E. Whittle, Editor 

(II) 



CONTENTS 


THURSDAY, JUNE 3, 2004 

Page 

Opening statement of Chairman Shelby 1 

Opening statements, comments, or prepared statements of: 

Senator Sarbanes 2 

Senator Reed 5 

Senator Allard 5 

Prepared statement 41 

Senator Bunning 41 

WITNESSES 

Susan S. Bies, Member, Board of Governors of the Federal Reserve System .... 5 

Prepared statement 42 

John D. Hawke, Jr., Comptroller of the Currency, U.S. Department of the 

Treasury 8 

Prepared statement 47 

Response to a question of Senator Shelby Ill 

Donald E. Powell, Chairman, Federal Deposit Insurance Corporation 10 

Prepared statement 60 

James E. Gilleran, Director, Office of Thrift Supervision, U.S. Department 

of the Treasury 12 

Prepared statement 67 

JoAnn M. Johnson, Chairman, National Credit Union Administration 13 

Prepared statement 76 

William J. Fox, Director, Financial Crimes Enforcement Network, U.S. De- 
partment of the Treasury 15 

Prepared statement 79 

Gaston L. Gianni, Jr., Inspector General, Federal Deposit Insurance Corpora- 
tion 32 

Prepared statement 84 

Davi M. D’Agostino, Director, Financial Markets and Community Investment, 

U.S. General Accounting Office 34 

Prepared statement 93 

Additional Material Supplied for the Record 

Letter to Senator Paul S. Sarbanes from John D. Hawke, Jr., Comptroller 

of the Currency, U.S. Department of the Treasury, dated June 18, 2004 112 

Letter to Senator Jack Reed from James E. Gilleran, Director, Office of 
Thrift Supervision, U.S. Department of the Treasury, dated June 9, 2004 .... 116 


(HI) 




BANK SECRECY ACT ENFORCEMENT 


THURSDAY, JUNE 3, 2004 

U.S. Senate, 

Committee on Banking, Housing, and Urban Affairs, 

Washington, DC. 

The Committee met at 9:45 a.m., in room SD-538, Dirksen Sen- 
ate Office Building, Senator Richard C. Shelby (Chairman of the 
Committee) presiding. 

OPENING STATEMENT OF CHAIRMAN RICHARD C. SHELBY 

Chairman Shelby. The hearing will come to order. 

The purpose of today’s hearing is to examine the record of the 
Federal Government in enforcing this Nation’s laws against money 
laundering and terrorist financing. The high-profile case of Riggs 
Bank, which was recently fined $25 million for repeated — I empha- 
size “repeated” — failures to comply with the Bank Secrecy Act, the 
basic anti-money laundering statutes requiring the reporting of 
large cash transactions and suspicious financial activities, has 
highlighted possible deficiencies in the governmental structure for 
enforcing these laws. 

The Riggs case could be seen as unique. It involved that bank’s 
near monopoly on foreign embassy banking. It involved an oil-rich 
country for which the movement of large amounts of cash was as 
routine as writing a check to pay bills is for many Americans. 
Whatever cultural, political, or economic factors resulted in Riggs’ 
failure to comply with the law, despite repeated assurances to its 
Federal overseers that it would improve in that regard, this case 
cannot be seen as unique. As the General Accounting Office will 
testify later today before this Committee, the problem runs deeper 
than we may care to admit. There does appear, on the basis of a 
number of recent money laundering cases, as well as the case of 
UBS Investment Bank of Switzerland, about which this Committee 
held a hearing on May 20, to be serious deficiencies on the part of 
the Federal regulatory agencies vested with the authority and re- 
sponsibility to enforce this Nation’s laws against money laundering. 

I mention the UBS case for a reason. In that case, the Federal 
Reserve Bank of New York, responsible for ensuring that U.S. cur- 
rency was not being transferred to countries sanctioned for their 
support of terrorist activities or their poor human rights records, 
failed to provide adequate oversight of the banks with which it had 
contracted to serve as depositories of billions of U.S. dollars in 
cash. The Federal Reserve Bank trusted that the self-generating 
reports provided it by UBS were an accurate reflection of the 
latter’s conduct. The Fed was wrong, to the tune of $5 billion. 

( 1 ) 



2 


Similarly, the Riggs case showed a deference toward the client fi- 
nancial institution that undermined the integrity of the oversight 
process. Trust that Riggs would comply not just with the terms of 
the law, but with the agreements intended to bring it into compli- 
ance with the law, proved the undoing of a process that is essential 
to the war against terrorism. The war against terrorism cannot be 
won without serious efforts at impeding the very types of criminal 
activity that seem to be going on or went on at the Riggs Bank, 
as well as the UBS case. And Riggs, as we all know, is not just 
about their bank’s relationship to the Embassy of Saudi Arabia. As 
disturbing are the business transactions with the Government of 
Equatorial Guinea, a country known for its corruption, human 
rights abuses, and desperately poor population, despite vast oil 
wealth. 

The Riggs case, as well as that of Banco Popular, Delta National 
Bank and Trust of New York, and others clearly point to under- 
lying problems in the approach of Federal regulatory agencies to 
properly carry out their mandate to enforce the Bank Secrecy Act. 

How long banks are given to comply with the law before the Gov- 
ernment acts with sufficient force so as to compel compliance is one 
of the issues to be addressed here today. Others include the ability 
and the willingness of the agencies represented here today to exe- 
cute their enforcement function with regard to money laundering 
with the same competence with which they execute their appar- 
ently more ingrained “safety and soundness” function. Their rela- 
tionship to each other, to the Financial Crimes Enforcement 
Network, also represented here today, and to law enforcement and 
the degree to which information essential for enforcing anti-money 
laundering laws is shared among themselves in a timely manner. 
For example, was the FBI informed about cease-and-desist orders, 
or did it have to read about them in the papers? What about 
FinCEN? Does the examination process need repair? These are the 
questions that demand attention here. 

Testifying here today and hopefully addressing these questions, 
are Susan Schmidt Bies, Board of Governors of the Federal Reserve 
System; John D. Hawke, Comptroller of the Currency and frequent 
guest here; Donald Powell, the Chairman of the Federal Deposit In- 
surance Corporation; James Gilleran, Director of the Office of 
Thrift Supervision; JoAnn Johnson, Chairman of the National 
Credit Union Administration; and William Fox, Director, Financial 
Crimes Enforcement Network. After we hear testimony from these 
officials, we have a second panel comprised of Gaston Gianni, In- 
spector General of the Federal Deposit Insurance Corporation; and 
Davi D’Agostino, Director of the Financial Markets and Community 
Investment Division of the General Accounting Office. 

Senator Sarbanes. 

STATEMENT OF SENATOR PAUL S. SARBANES 

Senator Sarbanes. Thank you very much, Mr. Chairman. First 
of all, I want to say that I strongly share your commitment to very 
strong oversight by this Committee of the agencies under our juris- 
diction and, in particular, this focus on the administration and en- 
forcement of the Bank Secrecy Act. 



3 


The President speaks often of the war against terrorism, and 
again and again people say that an essential part of the war 
against terrorism is to dry up the financial resources that the ter- 
rorist networks gain access to which enable them to carry out their 
activities. The Bank Secrecy Act is part of that effort, but the effec- 
tiveness of the BSA and the priority which bank regulators and the 
Treasury Department give to its enforcement is regrettably a very 
open question, underscored by the failures of compliance and regu- 
latory oversight at Riggs Bank and other institutions. Riggs is the 
most recent one and in the focus. 

OCC examiners outlined problems in Riggs’ BSA compliance and 
anti-money laundering procedures as early as 1997. But despite 
Riggs’ well-known special circumstances, in terms of its clients, the 
examiners failed to discover widespread noncompliance with the 
Bank Secrecy Act. It was not until late 2002 that OCC examiners 
began seriously to test transactions to see if the Riggs’ program 
was actually producing results. We now know that it was not. 

Throughout much of the same period, Federal counterterrorism 
and law enforcement officials were involved in investigations in- 
volving accounts of some of Riggs’ largest customers. And the Fed- 
eral Reserve Board was conducting parallel oversight because of its 
jurisdiction over the Riggs holding company and Edge Act sub- 
sidiary. It is not clear when the Financial Crimes Enforcement 
Network, FinCEN, which is said to administer the Bank Secrecy 
Act and which ultimately issued a concurrent $25 million penalty 
assessment with the OCC against Riggs, first learned of Riggs’ 
compliance problem. It seems clear that there was no coordinated 
Federal regulatory effort relating to the audit and investigation of 
Riggs. 

The Riggs situation in and of itself is serious, obviously. But it 
may reflect a broader structural problem. No one seems to be di- 
rectly accountable for enforcement of the Bank Secrecy Act. Con- 
gress vested authority for the Bank Secrecy Act’s administration 
and enforcement in the Secretary of the Treasury, who has dele- 
gated that authority, since 1994, to the Director of FinCEN. The 
Federal banking agencies examine the compliance of depository in- 
stitutions with the Bank Secrecy Act, under authority delegated by 
Treasury. But they also have a separate statutory obligation to ex- 
amine for BSA compliance procedures, employing a different set of 
sanctions than the statutory penalties in the Bank Secrecy Act. 

The list of agencies involved in potential BSA compliance prob- 
lems does not end there. Federal enforcement and, now, intel- 
ligence agencies — for example, the FBI, the Bureau of Immigration 
and Customs Enforcement, the Drug Enforcement Administration, 
the Criminal Investigation Division of the Internal Revenue Serv- 
ice — investigate potential BSA violations in the course of their ac- 
tivities. State bank regulators have their own oversight authority 
that extends to the Bank Secrecy Act in the case of State-chartered 
institutions. Different regulators may — in fact, likely will — regulate 
different parts of increasingly integrated bank holding companies. 
Treasury, through FinCEN, will become involved in compliance 
penalties only in a limited number of situations in which cases are 
referred to it under procedures that, according to testimony we will 
be receiving today, are more than a decade old. 



4 


I am also concerned about the nature of the bank examination 
procedures themselves in this area. Today’s testimony will indicate 
that the bank examiners review procedures and systems in their 
money laundering compliance examinations. They rarely test trans- 
actions to see if the procedures or systems are working. It is a little 
bit like going into a room and seeing that the furniture is all in 
place but not placing any weight on the furniture to see whether 
it will sustain the stress. It could all be hollow. 

I am also concerned about reports that compliance examiners, 
generally at the OCC, FDIC, and OTS, have been made subordi- 
nate to safety and soundness examiners. This would affect not only 
the Bank Secrecy Act, but also other critical compliance areas, in- 
cluding, of course, consumer protection. 

The unfortunate lesson of the Riggs case seems to be that, de- 
spite the attention paid to improving the statutory tools given to 
the Treasury and to law enforcement in the legislation enacted 
after September 11 — this Committee brought forth a title on money 
laundering which was included in that legislation, and, of course, 
prior legislation — the Bank Secrecy Act is not really “administered” 
at all in any coordinated way. Again, no one seems to be respon- 
sible for putting the statute into effect. 

I hope that today’s hearing can force accelerated discussion of 
these issues and place them at the top of the anti-money laun- 
dering and counterterrorism financing agenda. 

I also want to get a better sense from our witnesses of how uni- 
formly they are enforcing the BSA and the anti-money laundering 
laws. It is my understanding that last week, Comptroller Hawke 
sent a memorandum to the OCC’s bank examiners reminding them 
of their responsibilities in this area, and I look forward to hearing 
what our other financial regulators are doing in this regard and 
how seriously they take this issue. 

A number of far-reaching proposals are now being made, and the 
Committee may well have to address them. And, of course, these 
would involve how authorities are allocated. One proposal is to cre- 
ate a separate Bank Secrecy Act audit and enforcement force at the 
Treasury. Another would be to create a joint BSA audit authority 
under the supervision of the banking regulators staffed by experi- 
enced examiners whose career ladders call for rotation into the unit 
for several years and who audit institutions other than those su- 
pervised by their home agencies. Another possibility is retaining 
the present system, but requiring FinCEN, so long as it is adminis- 
trator of the BSA, to receive the portion of each examination report 
dealing with Bank Secrecy Act matters, and to participate in the 
determination of action to take in response to deficiencies. 

Another possibility, moving across the range of things, would be 
to delegate full BSA penalty and administrative authority to the 
bank regulators together with mandated reporting to Treasury. An- 
other would be to mandate transaction testing and other upgraded 
examination procedures for BSA examination. 

I think it is very clear that the current system is not working the 
way it should be working. The Fed imposed a $100 million on UBS 
AG for conducting illegal currency transactions with four countries. 
Our colleague, Representative Sue Kelly, on the House side, the 
Chairman of the House Financial Services Oversight Committee, 



5 


called this sanction “a mere slap on the wrist.” There is very deep 
concern, obviously, here in the Congress about the effectiveness of 
our fight against terrorist financing. Our concern also involves or- 
ganized crime, drug cartels, and so forth. And there is not a sense 
that the agencies are fully reporting for duty with respect to this 
important issue. 

Mr. Chairman, I look forward to hearing the testimony. 

Chairman Shelby. Thank you, Senator Sarbanes. 

Senator Reed. 

STATEMENT OF SENATOR JACK REED 

Senator Reed. Mr. Chairman, I simply want to associate myself 
with Senator Sarbanes’ comments and remarks, and I look forward 
to hearing the testimony of the witnesses. 

Thank you, Mr. Chairman. 

Chairman Shelby. Senator Allard, do you have an opening state- 
ment? 


STATEMENT OF SENATOR WAYNE ALLARD 

Senator Allard. I do, Mr. Chairman, have an opening state- 
ment. I will just submit it for the record. 

Chairman Shelby. Without objection, it is so ordered. 

Senator Allard. I would like to thank the panel for taking the 
time to testify before the Committee and you for holding the hear- 
ing. 

Chairman Shelby. Thank you. 

All of your written testimony will be made part of the hearing 
record. We will start with you, Governor Bies. 

STATEMENT OF SUSAN S. BIES, MEMBER, 

BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM 

Ms. Bies. Thank you, Mr. Chairman and Senator Sarbanes. I 
want to thank you for the opportunity to appear before this Com- 
mittee to discuss the Federal Reserve’s participation in efforts to 
combat money laundering and terrorist financing. 

In my remarks today, I will describe for you some of the impor- 
tant steps we are taking to fulfill our supervisory mission, to guide 
the institutions we supervise, and, in cooperation with the other 
banking and financial services regulators and the Treasury Depart- 
ment, to make every effort to use our supervisory tools to enhance 
the banking industry’s role in preventing and detecting money 
laundering and terrorist financing activity. The Federal Reserve’s 
anti-money laundering program is multifaceted. It involves work in 
the bank supervision area, the applications area, enforcement, in- 
vestigations, training, and coordination with law enforcement and 
intelligence communities, as well as rule writing. This morning, I 
will touch on some of these aspects of the Federal Reserve’s anti- 
money laundering program, but will concentrate on bank super- 
vision efforts and enforcement matters. 

The Federal Reserve has long shared Congress’ view that finan- 
cial institutions and their employees are on the front lines of the 
efforts to combat illicit financial activity. The Federal Reserve be- 
lieves that the banking organizations it supervises must take every 
reasonable step to identify, minimize, and manage any risks that 



6 


illicit financial activity may pose to individual financial institutions 
and the banking industry. 

It has been our longstanding policy that Federal Reserve super- 
visors incorporate a Bank Secrecy Act compliance and anti-money 
laundering program component into every safety and soundness ex- 
amination conducted by a Federal Reserve Bank. This means that 
on a regular examination cycle, examiners evaluate whether a 
banking organization’s Bank Secrecy Act and anti-money laun- 
dering compliance program is satisfactory and are commensurate 
with the organization’s business activities and risk profiles. Bank 
Secrecy Act and anti-money laundering compliance has, for years, 
been an integral part of the bank supervision process at the Fed- 
eral Reserve. Furthermore, the Federal Reserve’s enforcement 
program has a strong history of addressing both anti-money laun- 
dering and safety and soundness problems in formal actions when 
it becomes necessary. 

There is an important correlation between the areas covered by 
a BSA/AML examination and an institution’s overall risk manage- 
ment and internal controls. Bank examiners take into account an 
organization’s enterprise-wide corporate governance mechanisms 
and how they are applied. The Federal Reserve’s bank examiners 
are able to apply a broad perspective and depth of organizational 
knowledge to the area of Bank Secrecy Act and anti-money laun- 
dering compliance and to coordinate with the examination and ana- 
lytical staff to ensure that safety and soundness and Bank Secrecy 
Act and anti-money laundering are integrated and comprehensive. 
The Federal Reserve has found that there is an important synergy 
gained by integrating safety and soundness and Bank Secrecy Act/ 
anti-money laundering supervisory processes. 

The Federal Reserve focuses significant resources on the preven- 
tion and early resolution of deficiencies within the supervisory 
framework. In cases where examiners have identified a violation of 
the compliance program requirement, the Federal Reserve is bound 
by law to take formal enforcement action. The same law requiring 
us to promulgate rules requiring a compliance program provides 
that if an institution fails to establish and maintain required proce- 
dures, we must issue a formal action requiring the institution to 
correct the problem. 

The Federal Reserve takes this responsibility very seriously and 
has issued a number of public actions against banking organiza- 
tions in fulfillment of this statutory mandate. Over the last 3 
years, for example, the Federal Reserve has taken approximately 
25 formal, public enforcement actions addressing Bank Secrecy Act 
and anti-money laundering-related matters. 

In addition to taking action itself, the Federal Reserve may refer 
a Bank Secrecy Act-related matter to Treasury’s FinCEN for con- 
sideration of an enforcement action based on violations of that law. 

The Federal Reserve staff coordinates enforcement actions with 
other regulators or agencies, including in the area of anti-money 
laundering. If a banking organization’s problems involve entities 
supervised by different regulators, resolution of enterprise-wide 
problems may involve multiple enforcement actions. For example, 
the OCC, FinCEN, and the Federal Reserve coordinated their re- 
cent enforcement actions against Riggs Bank, National Association; 



7 


Riggs National Corporation; and Riggs International Banking 
Corporation, the national bank’s Edge Act subsidiary. The Federal 
Reserve coordinates its enforcement actions with State banking su- 
pervisors on a regular basis, and enforcement actions involving 
operations of foreign banking organizations may be resolved in co- 
operation with supervisors abroad. In several recent matters, there 
was close coordination also with the U.S. Department of Justice. 

The Federal Reserve’s Bank Secrecy Act and anti-money laun- 
dering functions range from supervising and regularly examining 
banking organizations subject to Federal Reserve supervision for 
compliance with the Bank Secrecy Act and relevant regulations, to 
requiring corrective actions for detected weaknesses in their Bank 
Secrecy Act/anti-money laundering program, to enhancing money 
laundering investigations by providing expertise to the U.S. law 
enforcement community, to providing training to U.S. law enforce- 
ment authorities and various foreign central banks and govern- 
ment agencies. Over the last 3 years, for example, Federal Reserve 
experts in anti-money laundering-related matters have participated 
in special reviews of funds transfers for Federal law enforcement 
and intelligence authorities, taught classes at FBI and Department 
of Homeland Security training academies, held seminars for central 
bank and foreign supervisor authorities in 10 countries, and en- 
gaged in discussions on anti-money laundering-related matters at 
international fora such as the Basel Cross-border Group and the 
Financial Action Task Force. 

Board and Reserve Bank supervisors seek to provide guidance to 
banking organizations to assist them to fully understand applicable 
regulatory requirements and what is expected by the regulators. 
The Federal Reserve views its supervisory role as including initia- 
tives to enhance awareness and understanding by banking organi- 
zations under Federal Reserve supervision and by the industry at 
large. 

The Federal Reserve makes its Bank Secrecy Act examination 
procedures available to the banking industry and updates those 
procedures by publicly issuing supervision and regulation letters. 
These letters advise Reserve Bank supervisory staff and the indus- 
try about new examination policies and protocols, such as those as- 
sociated with the USA PATRIOT Act. Federal Reserve staff also 
speaks regularly before the financial industry and issues sound 
practice guidance in conjunction with other regulators and Treas- 
ury. These initiatives are meant to respond to or anticipate ques- 
tions that arise regarding anti-money laundering requirements and 
to help banking organizations’ compliance efforts. 

The Federal Reserve believes that banking organizations should 
take reasonable and prudent steps to combat illicit financial activi- 
ties, such as money laundering and terrorist financing, and to min- 
imize their vulnerability to risks associated with such activity. For 
this reason, the Federal Reserve’s commitment to ensuring compli- 
ance with the Bank Secrecy Act continues to be a high supervisory 
priority. The Federal Reserve has an important role in ensuring 
that criminal activity does not pose a systemic threat and, as im- 
portant, in improving the ability of individual banking organiza- 
tions in the United States and abroad to protect themselves from 
illicit activities. 



8 


Thank you. 

Chairman Shelby. Thank you, Governor Bies. 
Mr. Hawke. 


STATEMENT OF JOHN D. HAWKE, JR. 

COMPTROLLER OF THE CURRENCY 
U.S. DEPARTMENT OF THE CURRENCY 

Comptroller Hawke. Chairman Shelby, Ranking Member Sar- 
banes, and Members of the Committee, I appreciate the oppor- 
tunity to discuss the work of the OCC in combating money laun- 
dering and enforcing compliance with U.S. laws designed to pre- 
vent our financial institutions from falling victim to criminals and 
terrorists. 

For the past 30 years, the OCC has placed great importance on 
developing policies and procedures designed to ensure that finan- 
cial institutions have the necessary controls in place and provide 
the requisite notices to law enforcement to make certain that they 
do not become vehicles for money laundering. Our examiners are 
dedicated. Our BSA/anti-money laundering examination techniques 
are highly regarded. We have strived to keep our exam techniques 
current and responsive to new developments, and we work coopera- 
tively and successfully with law enforcement. For all these reasons, 
the situation that we have confronted with Riggs Bank is deeply 
troubling, and this Committee’s keen interest in Riggs is entirely 
appropriate. 

For this reason, I will rely today on my written testimony for a 
detailed discussion of the components of the OCC’s extensive BSA 
and anti-money laundering program and devote my oral testimony 
to the Riggs situation. 

As I reviewed the record of our oversight of Riggs’ Bank Secrecy 
Act/anti-money laundering compliance during this period, it become 
clear to me that there was a failure of supervision. We should have 
been more aggressive in our insistence on remedial steps at a much 
earlier time. The types of strong formal enforcement action that we 
ultimately took should have been taken earlier. We should have 
done more extensive probing and transaction testing of accounts. 
Indeed, our own BSA exam procedures called for transactional re- 
views in the case of high-risk accounts, yet until recently that was 
not done. We failed to appreciate the risks inherent in Riggs’ em- 
bassy banking business and in certain of the accounts handled by 
the bank, as well as the significance of the deficiencies in the 
bank’s systems and controls in relation to those risks. 

This is not a case where the deficiencies in these systems and 
controls at Riggs were not recognized, nor was there an absence of 
OCC supervisory attention to those deficiencies. But in failing to 
promptly recognize the high-risk nature of the bank’s business in 
this regard, we did not probe as soon or as deeply as we should 
have. We gave the bank too much time, based on its apparent ef- 
forts to fix the problems we had repeatedly noted, before we 
demanded specific solutions, by specific dates, pursuant to formal 
enforcement actions. 

With this context, allow me to provide a brief review of our re- 
cent supervision of Riggs. The specific shortcomings in Riggs’ BSA/ 
AML compliance program were known to us as early as 1997. In 



9 


our regular and frequent examinations, we repeatedly identified 
the need for improvement in Riggs’ BSA internal audit coverage, 
its information systems, its internal monitoring processes, its staff 
training, and its customer due diligence requirements, and we 
brought those deficiencies to the attention of Riggs management. 
Each time, we found management to be apparently cooperative and 
responsive. And because of this attitude, we concluded that Riggs’ 
compliance program was either “satisfactory” or “generally ade- 
quate,” which led us to continue to rely on various informal super- 
visory remedies in dealing with the Riggs management. 

In the aftermath of the September 11, 2001 tragedies, the OCC 
conducted a series of antiterrorist financing reviews at our large 
and high-risk banks. Riggs was included in those targeted exams. 
The subsequent examination of Riggs ran from January to May 
2003 and involved extensive cooperation with law enforcement 
agencies. It focused on certain suspicious transactions involving the 
Saudi Embassy relationship and culminated in a July 2003 cease- 
and-desist order, directing Riggs to undertake a long list of correc- 
tive actions. 

Yet when we returned to the bank in October 2003, the same 
pattern surfaced. While progress had been made toward complying 
with the July C&D order, a new set of problems had become evi- 
dent, this time relating to the bank’s relationship with Equatorial 
Guinea. Our reaction this time was fundamentally different than 
before and ultimately led to the assessment of a record $25 million 
civil money penalty against the bank. We also continue to evaluate 
whether additional actions are warranted. 

Against this background, there are at least three important ques- 
tions that this Committee might appropriately ask. And I am sure 
there are more. First, why was there a failure of supervision in the 
Riggs case? Second, is our record with regard to Riggs symptomatic 
of shortcomings in our BSA/AML supervision of other national 
banks? And, third, what is the OCC doing to assure that there will 
be no recurrence of situations like Riggs? 

To address the first two questions, I have directed our Quality 
Management Division, which reports directly to me and is analo- 
gous to an internal IG operation, to conduct a complete, no-holds- 
barred, top-to-bottom review of our handling of the Riggs situation 
and to report their findings and recommendations back to me in 90 
days. I have also directed QMD to make a more general assessment 
of the quality of our BSA/AML supervision and to determine 
whether there are other banks as to which our compliance over- 
sight reflects similar shortcomings. I will be happy to share the 
QMD report with this Committee when it is completed. 

In order to assure that there is no recurrence of the shortcomings 
evidenced in the Riggs case, I have directed a number of other ac- 
tions, which are described in my written testimony, to improve our 
practices and policies and to develop new risk-screening systems 
and techniques. 

I have also instructed our Committee on Bank Supervision, 
which is comprised of the OCC’s senior supervision officials, to 
communicate with all OCC examination staff to raise their level of 
alert for suspicious or high-risk accounts and to reemphasize the 
need for deeper investigation and transaction testing where such 



10 


circumstances exist. This communication re-emphasizes the critical 
importance of our BSA/AML compliance program and the role that 
program plays in helping to assure that national banks will not be 
used to facilitate improper transactions. 

The Riggs episode reminds us that the Bank Secrecy Act and 
money laundering issues are not only of extreme importance to na- 
tional security but they also have huge reputation implications for 
the banking industry. This heightened awareness, coupled with the 
many technical and other improvements in the approach to BSA/ 
AML supervision already adopted or contemplated by the OCC and 
its sister financial regulatory agencies, should strengthen the abil- 
ity of our financial system to resist those who would use it for im- 
proper purposes. 

Notwithstanding the Riggs situation, Mr. Chairman, the OCC is 
committed to doing its part to assure that national banks scru- 
pulously perform their responsibilities under the laws relating to 
money laundering. We stand ready to work with Congress, with 
law enforcement, with the other financial regulatory agencies, and 
with the banking industry to continue to develop and implement a 
coordinated and comprehensive response to the threat posed to the 
Nation’s financial system by money launderers and terrorists. 

Thank you, Mr. Chairman. 

Chairman Shelby. Mr. Powell. 

STATEMENT OF DONALD E. POWELL 

CHAIRMAN, FEDERAL DEPOSIT INSURANCE CORPORATION 

Chairman Powell. Mr. Chairman, Senator Sarbanes, and Mem- 
bers of the Committee, thank you for this opportunity to discuss 
how the FDIC, along with the other bank regulatory agencies, ad- 
dresses our responsibilities under the Bank Secrecy Act and related 
anti-money laundering and antiterrorism laws. 

While my written testimony provides greater detail about the 
FDIC’s effort to prevent money laundering and terrorist financing, 
I would like to focus my statement today on how the FDIC is seek- 
ing to ensure that the American financial system is not misused in 
a way that supports criminal and terrorist activities and how bank 
regulators, law enforcement, and the banking industry can work to- 
gether to address money laundering and terrorist financing. 

One of the strongest ways to attack criminal and terrorist activi- 
ties is to focus on their funding sources and their attempts to use 
the financial system to further their goals. While legislative and 
regulatory efforts originally focused on criminals laundering large 
sums of cash, the events of September 11 expanded our reach to 
terrorists who seek to use the U.S. banking system to fund their 
activities. 

The FDIC is responsible for examining State-chartered, non- 
member banks for compliance with the Bank Secrecy Act and to de- 
termine the effectiveness of the financial institutions’ anti-money 
laundering program. While the vast majority of FDIC-supervised 
institutions are diligent in their efforts to establish, execute, and 
administer effective Bank Secrecy Act compliance programs, there 
have been instances where the controls and efforts were lacking. In 
those cases, we have implemented a range of corrective measures 
to ensure banks comply with the law. 



11 


In cases where an institution’s anti-money laundering compliance 
program has been criticized or in cases where previously identified 
deficiencies have not been corrected, including significant violations 
of law, the FDIC will take formal or informal enforcement action. 
The type of enforcement action pursued by the FDIC against an in- 
stitution is directly related to the severity of the offense, manage- 
ment’s willingness and ability to effectively implement corrective 
action, as well as the extent to which the program has failed to 
identify or deter potential money laundering. In addition, the na- 
ture of the criticism, the response to prior weaknesses or violation 
notifications, and the overall risk profile of the institution are 
factored into the type of supervisory action, as well as any deter- 
mination to assess civil money penalties. 

The FDIC understands that all institutions are at risk. In today’s 
global banking environment, where funds are transferred in an in- 
stant and communication systems make services available nation- 
ally, even a lapse at a small financial institution outside of a major 
metropolitan area can have major implications on another location 
across the Nation. The more difficult it is for criminals and terror- 
ists to gain entry into the American financial system, the more 
likely it is that they will need to rely on less secure and less effi- 
cient means of financing their activities. 

Since the passage of the USA PATRIOT Act of 2001, the FDIC 
has been involved in a number of activities aimed at supporting 
our efforts to reduce the risk of terrorist financing activities. We 
participated in the rulemaking process of relevant parts of the USA 
PATRIOT Act, and we participated in a number of working groups 
focused on counter-financing of terrorism and the USA PATRIOT 
Act. In conjunction with this, and in part to address some rec- 
ommendations identified in a recent inspector general report, the 
FDIC has undertaken or established a number of initiatives to en- 
hance our enforcement of the Bank Secrecy Act. 

First, consistent with the increased importance of the BSA, the 
additional workload associated with the USA PATRIOT Act and 
greater emphasis on international efforts to combat terrorism fi- 
nancing, we are dedicating more staff to oversight of our anti- 
money laundering and PATRIOT Act efforts. Currently, the FDIC 
has more than 150 Bank Secrecy Act subject matter experts nation- 
wide. The FDIC expects to double this number over the next 18 
months. 

Second, the FDIC is requiring that all examiners complete addi- 
tional formal training on anti-money laundering and PATRIOT Act 
issues by the end of this year. This computer-based training also 
will be offered to all State banking authorities and other regulators 
who wish to provide additional training for their staff. 

Third, the FDIC is reviewing all written guidance for examiner 
and industry use to assure that it is current and provides clear di- 
rection. 

Fourth, beginning this month, in those instances where the State 
banking authority does not conduct Bank Secrecy Act exams, the 
FDIC will send an examiner to conduct an examination for BSA 
and anti-money laundering compliance concurrent with the State 
authority’s safety and soundness examination. While the FDIC re- 
views BSA compliance each time it examines a State-chartered 



12 


nonmember bank, not all States conduct similar examinations. This 
initiative will ensure that all FDIC-supervised banks are reviewed 
for money laundering and terrorist financing activity during every 
examination cycle. 

Fifth, the FDIC has centralized the monitoring process for FDIC- 
supervised banks with serious anti-money laundering program defi- 
ciencies. This ensures a consistent supervisory approach is applied 
on a national basis. In addition, the FDIC recently centralized the 
process for referring violations to FinCEN, which provides consist- 
ency in reporting. These centralization efforts will enable us to 
analyze historical data internally to identify emerging trends and 
issues among FDIC-supervised banks. 

Sixth, the FDIC will continue its participation in the Bank Se- 
crecy Act Advisory Group, which is a public-private partnership en- 
gaged in the evaluation of strategies to detect and prevent money 
laundering and terrorist financing schemes. These initiatives are 
underway and ongoing. 

There is more we can do. Here are some ideas we are exploring 
within the FDIC and the broader Government to further buttress 
our efforts: Work toward a smarter BSA that accomplishes the mis- 
sion more efficiently through more useful and timely filing by 
banks; Encourage the use of Section 314 safe harbor language in 
the law to foster meaningful dialogue between institutions about 
suspicious transactions; Tear down the wall between industry and 
Government and foster better dialogues about the broader threats, 
current criminal and terrorist practices, and about the way institu- 
tions’ BSA filings are put to use; Enhance and solidify the percep- 
tion of invulnerability. Any criminal or terrorist should know that 
if he uses the U.S. banking system to transfer value, he will be 
caught. 

In conclusion, the FDIC is fully committed to preventing the use 
of the financial system to support criminal or terrorist activities. 
Only through a strong and comprehensive supervisory response 
and the continued full commitment of the industry can we create 
an environment where terrorists know that any attempt to use the 
American financial system to fund their operations poses an unac- 
ceptable risk of discovery. 

This concludes my testimony. Thank you. 

Chairman Shelby. Mr. Gilleran. 

STATEMENT OF JAMES E. G I LLERAN 
DIRECTOR, OFFICE OF THRIFT SUPERVISION 
U.S. DEPARTMENT OF THE TREASURY 

Director Gilleran. Chairman Shelby, Senator Sarbanes, Mem- 
bers of the Committee, the OTS fully supports the Bank Secrecy 
Act and the U.S. PATRIOT Act, and we are dedicated to make sure 
that our agencies and our licensees completely carry out their re- 
sponsibilities under them. 

In the last 10 months, of our 916 institutions we have completed 
476 BSA examinations. Of those 476 examinations, we found 167 
associations with BSA violations. The number of violations in those 
associations in total were 342. All of those violations were ad- 
dressed prior to the completion of our examinations and did not 
lead to any more formal action since the institutions completely ac- 



13 


cepted our findings and made changes immediately. We have 7 ac- 
tions that have come out of that effort that have been more formal 
in nature, have resulted in cease-and-desist orders and in civil 
money penalties. And we have 4 or 5 more that are in process. 

To put the number of violations, though, into perspective, 342, in 
adding up the number of potential violations that are embedded in 
the OTS and Treasury regulations, they number over 200 for each 
institution. So the possibility of the number of violations in those 
approximately 500 examinations was over 100,000 potential viola- 
tions. So the regulations are extremely detailed and, of course, our 
examination procedures are appropriately detailed but risk-focused. 

We have also participated in trying to conduct educational pro- 
grams for the industry. We have provided additional training for 
our staff. We have greatly expanded the number of examiners who 
are BSA trained. We have halved the interval between BSA exami- 
nations from 24 to 36 months to 12-month to 18-month intervals. 
We have developed and implemented enhanced scoping and exam- 
ination procedures. We have implemented a new BSA tracking and 
monitoring information system. We have improved internal con- 
trols governing internal data collection. We have bolstered our off- 
site BSA monitoring programs. We have adopted more robust and 
stringent enforcement policies. We have implemented the new BSA 
quality assurance and audit program. And we have improved our 
internal communications and external communications and coordi- 
nated closely with other financial regulatory agencies, Department 
of the Treasury, and law enforcement. 

I await your questions. 

Chairman Shelby. Thank you. 

Ms. Johnson. 

STATEMENT OF JOANN M. JOHNSON 
CHAIRMAN, NATIONAL CREDIT UNION ADMINISTRATION 

Ms. Johnson. Chairman Shelby, Senator Sarbanes, and Mem- 
bers of the Committee, thank you for the invitation to testify before 
you today on behalf of the National Credit Union Administration 
on the enforcement of the Bank Secrecy Act. 

Congress enacted the BSA to prevent credit unions and other fi- 
nancial institutions from being used as intermediaries for the 
transfer or deposit of money derived from criminal activity. NCUA 
is the regulatory authority that monitors federally insured credit 
unions for compliance with the BSA. 

I am pleased to report to the Committee that federally insured 
credit unions have a good record of compliance with the require- 
ments of the BSA. Credit unions are also substantially in compli- 
ance with Sections 314, Information Sharing, and Section 326, Cus- 
tomer Identification Program, of the USA PATRIOT Act. 

At the end of 2003, NCUA insured 9,399 credit unions. Almost 
50 percent of federally insured credit unions have assets less than 
$10 million. These credit unions are less likely to have transactions 
that trigger the recordkeeping and recording requirements of the 
BSA. Additionally, approximately one-third of Federal credit unions 
have a single common bond sponsor. Officials in smaller credit 
unions often have a more intimate understanding of their members’ 
transactions, which facilitates their compliance with the require- 



14 


ments of the BSA. Consequently, money laundering has not been 
a major problem for credit unions. 

Nevertheless, much has changed since the terrorist attacks of 
September 11. NCUA recognizes that some federally insured credit 
unions may be targeted by individuals or groups seeking to launder 
money. 

The Federal Credit Union Act requires NCUA to assure BSA 
compliance in federally insured credit unions. Federally insured 
credit unions are required to have BSA compliance programs that 
effectively monitor their daily operations to assure compliance with 
all applicable rules and regulations. 

In fact, the risk-focused examination program used by NCUA ex- 
aminers and State credit union examiners directs that a review of 
compliance with the BSA be completed at every examination. All 
examinations of federally insured credit unions completed by a 
State regulator are reviewed by NCUA staff. It should be noted, 
however, that NCUA does not review examinations of privately in- 
sured credit unions and does not have enforcement authority for 
BSA compliance in those credit unions. 

During the examination of the 7,500 federally insured credit 
unions in 2003, NCUA determined that there were 334 violations 
of the BSA. The violations were in 261 credit unions, representing 
3.5 percent of all credit unions examined. The most common viola- 
tions fell into three categories: Inadequate written policy, 63 per- 
cent; inadequate customer identification program, 8 percent; or 
inadequate currency transaction reporting procedures, 7 percent. 

Of the 334 violations, credit union officials working with an ex- 
aminer, corrected or agreed to correct 99 percent of the violations 
during the on-site examination. 

In instances when violations at a federally insured credit union 
persist and/or are more severe, NCUA has several options to ini- 
tiate corrective action. They range from a letter from the NCUA 
Regional Director to formal administrative action, including con- 
servatorship. 

NCUA will use a formal administrative action when necessary to 
correct BSA violations. This has occurred twice in the recent past. 
NCUA placed one institution into conservatorship and issued a 
cease-and-desist order against another. 

NCUA has taken numerous initiatives to address BSA compli- 
ance in credit unions. These initiatives fall into the following 
general categories: Examination program, examiner training, com- 
pliance examiners, and credit union education. 

In addition to on-site reviews of BSA compliance during examina- 
tions, NCUA has issued several publications to educate federally 
insured credit unions on BSA and USA PATRIOT Act compliance. 

Looking forward, NCUA is committed to maintaining a dynamic 
examination program that will assure federally insured credit 
unions have effective programs in place to minimize the risk of 
money laundering. NCUA will continue to provide guidance to fed- 
erally insured credit unions regarding compliance with the BSA. 

Again, thank you, Mr. Chairman, for the opportunity to appear 
before you today on behalf of NCUA to discuss BSA compliance in 
the credit union industry. I am pleased to respond to any questions 



15 


the Committee may have or be a source of any additional informa- 
tion you may require. 

Thank you. 

Chairman Shelby. Thank you. 

Mr. Fox. 

STATEMENT OF WILLIAM J. FOX 

DIRECTOR, FINANCIAL CRIMES ENFORCEMENT NETWORK 
U.S. DEPARTMENT OF THE TREASURY 

Mr. Fox. Thank you, Mr. Chairman, Senator Sarbanes, and dis- 
tinguished Members of the Committee. I appreciate the opportunity 
to appear before you here today to discuss the role that the Finan- 
cial Crimes Enforcement Network can and should play in Bank Se- 
crecy Act compliance and enforcement matters. It is truly an honor 
for me to appear with this distinguished panel. As I stated the last 
time I appeared before this Committee, we very much appreciate 
the leadership and commitment and oversight of this Committee 
and its staff on these important issues that are the focus of today’s 
hearing. I have prepared a statement and have submitted it for the 
record, and I will keep these remarks very brief. 

FinCEN is the delegated administrator of the Bank Secrecy Act. 
Through that delegation, FinCEN is answerable to the Secretary of 
the Treasury for ensuring that the ultimate goals of the Act are 
achieved. While we eagerly accept this responsibility, this responsi- 
bility is not ours alone. The distinguished ladies and gentlemen on 
this panel with me today and the agencies they represent, as well 
as other agencies such as the Securities and Exchange Commission 
and the Internal Revenue Service, have been delegated responsi- 
bility to examine financial institutions for BSA compliance. 

Indeed, presently implementation of the Bank Secrecy Act’s regu- 
latory regime involves eight different Federal agencies and three 
SRO’s. This unusual structure is both a strength and a weakness. 
The weaknesses are obvious and sometimes clearly manifested. To 
diffuse responsibility across so many bureaucracies can cause, and 
indeed on occasion has caused, inconsistency in application, lack of 
clarity on purpose, and, more importantly, a lack of accountability. 
However, let me submit to you that, if managed properly, this 
structure can also be a strength because it builds upon the existing 
expertise and examination functions of the regulators who know 
their industries best. This structure leverages resources where re- 
sources would otherwise be completely insufficient and possibly du- 
plicative, and the current structure exploits the knowledge base, 
experience, and resources of these disparate regulators who, again, 
know their industries best. 

I view it as FinCEN’s responsibility to work with my colleagues 
at this table to help manage this structure, to build on the 
strengths our diverse partners bring to the table. In other words, 
administration of the Bank Secrecy Act means oversight, it means 
coordination, and it means ensuring consistency of application. 

When I appeared before this Committee in April, I outlined a 
number of challenges I perceived as I came to learn more about 
FinCEN. In my view, of all of those challenges, there are no chal- 
lenges as important to FinCEN as the proper and appropriate im- 
plementation of the Bank Secrecy Act’s regulatory regime. Much of 



16 


our work has been and is devoted to the goal of maximizing indus- 
try compliance with that regime. We have new leadership of our 
regulatory team at FinCEN. We have also developed some short- 
term priorities for FinCEN in this area and on these issues to bet- 
ter understand the industries we regulate, assist our regulator 
partners in the examination process, and to further enhance our 
own capabilities to enforce the regulatory regime we have been 
asked to administer. 

We also have several ideas on how to better manage and coordi- 
nate the implementation of this regulatory regime on which we will 
engage our regulatory partners. The specifics of those priorities and 
the ideas that we have are set forth in my written testimony so I 
will not recite them here. What I want you to know, Mr. Chairman, 
is that I clearly understand how important this set of issues is to 
the success of our country’s anti-money laundering and counter- 
terrorism finance efforts, dare I say it, to our country’s security. 
The implementation of this risk-based system is a delicate matter 
that demands balance, consistency, and clarity. 

For example, the cornerstone of the Bank Secrecy Act, suspicious 
activity reporting, requires financial institutions to make judgment 
calls. If we fail in properly implementing this regime, if we get it 
wrong, the entire system fails. In other words, if as regulators we 
do not keep our focus on the implementation of appropriate anti- 
money laundering programs that generate proper reporting, there 
could be two equally unacceptable outcomes. Compliance, for exam- 
ple, is not about second-guessing individual judgment calls made 
by financial institutions whether a particular transaction is sus- 
picious. If we go down that path, financial institutions as small “c” 
conservative institutions will merely file on everything to protect 
themselves from regulatory risk. If, on the other hand, we are too 
lax when it comes to ensuring institutions or implementing these 
programs, proper reporting simply will not be generated. Either 
scenario represents a failure of implementation, in my view. 

Mr. Chairman and distinguished Members of this Committee, 
you should know that you have my commitment and the commit- 
ment of the women and men of FinCEN to do all in our power to 
ensure the appropriate and robust implementation of this critical 
regulatory regime. We appreciate this Committee’s continued sup- 
port and focus on these critical issues. Again, I appreciate very 
much the opportunity to be here today, and hopefully our presence 
here will add to this important conversation. 

I will be happy to answer any questions the Committee may 
have. 

Chairman Shelby. Thank you. I thank all of you. 

We have all heard former President Reagan’s statement: “Trust, 
but verify.” What I fear here is that there has been a lot of trust 
and no verification for many years. 

Mr. Hawke, for the record’s sake here, would you indicate, the 
first BSA compliance issue at Riggs, when it was noted by an OCC 
examiner? And when was final action taken with respect to the 
particular BSA compliance problems, in other words, the gap there, 
beginning to the end? 



17 


Comptroller Hawke. I have reviewed the record back to 1997, 
Mr. Chairman, and in 1997, we noted certain shortcomings in their 
compliance program. 

Chairman Shelby. What did you do about it? 

Comptroller Hawke. First of all, we graded their program “satis- 
factory,” which in retrospect was clearly not warranted in view 
of 

Chairman Shelby. In other words, you did not do anything. 

Comptroller Hawke. No. We told them that they had to make 
certain improvements in their Bank Secrecy Act compliance. They 
went through the motions of making those changes, and as we 
came back 

Chairman Shelby. Did you go through the motions of checking 
them, too? 

Comptroller Hawke. We did. In subsequent examinations, we 
found that they had not fully complied, and we continued to push 
them to do it. 

Chairman Shelby. What did you do about it when you knew 
they had not complied? Nothing? 

Comptroller Hawke. As I said in my oral statement, Mr. Chair- 
man, we did not take swift enough and strong enough action. 

Chairman Shelby. Could you just for a minute discuss the proce- 
dures for routine Bank Secrecy Act examinations? Just give us a 
scenario. 

Comptroller Hawke. We have about 40 full-time Bank Secrecy 
Act compliance examiners and a team of about three specialists in 
the Washington headquarters who set policies. In our large banks, 
Bank Secrecy Act compliance is a regular part of the ongoing re- 
sponsibilities of the resident teams at those large banks. In those 
banks where we do not have full-time resident teams, Bank Se- 
crecy Act compliance is part of their regular on-site examination. 

Chairman Shelby. How many, if you could quantify — and if you 
cannot do it here, do it for the record — violations did you pick up 
at Riggs? There had to be a lot of them. 

Comptroller Hawke. There were plenty of violations at Riggs. 

Chairman Shelby. Over many, many years, right? 

Comptroller Hawke. At the beginning of the process, the viola- 
tions were inadequate control systems, inadequate training, and 
the like. As we developed further familiarity with that program, it 
was clear that the violations included failure to file suspicious ac- 
tivity reports in situations where they were called for. 

Chairman Shelby. Would it be fair to say that the scrutiny of 
the BSA was in name only? In other words, there is not a lot of 
verification, there is not a lot of compliance? Seven years’ worth of 
violations and nothing really happened. 

Comptroller Hawke. I am not sure I would characterize it quite 
that way. 

Chairman Shelby. Close to it? 

Comptroller Hawke. I think the problem, Mr. Chairman, was not 
that we were not identifying shortcomings in their compliance pro- 
gram. We were. We were insufficiently robust in assuring that they 
were correcting those 

Chairman Shelby. In other words, you did not do anything about 
it, just plain English. 



18 


Is that right? 

Comptroller Hawke. We did not take swift enough action or 
strong enough action. 

Chairman Shelby. Okay. If we know this has gone on at Riggs 
under your supervision, as you are the Comptroller of the Cur- 
rency, how many other hundreds of thousands, perhaps, of exam 
reports in your files which document serious and unaddressed BSA 
compliance issues at national banks throughout the country? Does 
that concern you? 

Comptroller Hawke. It certainly is an appropriate question. I do 
not have any reason to think that Riggs represents a systemic 
problem. But I have directed 

Chairman Shelby. But you do not know that. 

Comptroller Hawke. I have directed our Quality Management 
Division to make exactly that kind of inquiry and to report back 
to me on it. 

Chairman Shelby. Mr. Hawke, in addition to the Saudi and 
Equatorial Guinea accounts, Riggs held numerous other foreign ac- 
counts, including what many characterize as what we would call 
high-risk by FinCEN and OF AC. They include, among others, 
Burma, Cuba, the Sudan, Iraq, Iran, Syria, and Nigeria. If Riggs’ 
BSA/AML internal controls were so deficient, which is a given, 
should we be concerned, in other words, should you be concerned 
that many of these other embassy and special interest accounts 
could suffer similar inadequacies and violations? 

Comptroller Hawke. That is certainly a concern, and we have 
been addressing that concern in a number of ways over the last 
year and a half. 

Chairman Shelby. Will you give us a report to the Committee 
on what you have done, especially in these particular ones we have 
raised here? 

Comptroller Hawke. I would be happy to, Mr. Chairman. 

Chairman Shelby. Senator Sarbanes. 

Senator Sarbanes. Thank you very much, Mr. Chairman. 

Mr. Fox, you are the Administrator of the Bank Secrecy Act. Is 
that correct? 

Mr. Fox. Yes, sir. 

Senator Sarbanes. When did FinCEN learn of the problems at 
Riggs Bank? 

Mr. Fox. I believe the first we learned of the problems at Riggs 
Bank from the Comptroller’s office was in June 2003. 

Senator Sarbanes. June 2003? 

Mr. Fox. I believe, yes. 

Senator Sarbanes. Well, now, we just heard in response to the 
questions from Chairman Shelby that the Comptroller’s office, as 
I understand Mr. Hawke’s answer — and he can correct me — had 
identified shortcomings at Riggs as early as 1997. Is that correct? 

And the first you knew as the Administrator of the Bank Secrecy 
Act, that there were such shortcomings, was when in 2003? 

Mr. Fox. June 2003, Senator. That is what I am told. I was not 
there at FinCEN at the time, but that is what I am told. 

Senator Sarbanes. You are the Administrator of this Act. Do you 
not think there is something amiss when these shortcomings are 
being identified and you are not told about it? 



19 


Mr. Fox. I actually think, sir, that we have a responsibility to 
engage our regulator partners to make sure that this communica- 
tion is occurring on a regular and consistent basis. 

Senator Sarbanes. Am I to take it from that answer that to your 
perception the same possibility would exist with respect to the 
other agencies? There is no established reporting procedure which 
lets you, as the Administrator of the Bank Secrecy Act, know at a 
fairly early point that these regulators have discovered deficiencies 
in the workings of their financial institutions with respect to the 
Bank Secrecy Act? 

Mr. Fox. What I have found, Senator, since I have been there, 
is that communication occurs on an ad hoc basis, and I believe that 
that is not a wise course to follow. I believe that it should be rou- 
tinized and we should have better, more established, consistent 
channels of communication if we are going to administer the Act 
effectively and efficiently. 

Senator Sarbanes. Let me ask the panel: When was the last 
time those on the panel, the regulators, including the Adminis- 
trator of the Bank Secrecy Act, from the Treasury, Mr. Fox, met 
together to discuss and review programs and policies for coordina- 
tion of the application of the Bank Secrecy Act? 

Mr. Fox. Sir, we had a meeting. I believe it was as recently as 
last month. It might be the month before. I can get you the exact 
date if you like. We have a group that we call affectionately, the 
SAR owners group, which includes all of the bank regulators, the 
functional regulators, and we met for an afternoon at FinCEN, and 
discussed just a number of issues that relate to this. 

Senator Sarbanes. And this included the people at this table? 

Mr. Fox. No, sir. It was their staff that handled these types of 
issues for them. 

Senator Sarbanes. Let us take it a level above you and go to the 
Secretary of the Treasury. Are you the administrator by delegation 
from the Secretary of the Treasury? 

Mr. Fox. Yes, sir. 

Senator Sarbanes. When was the last time, Ms. Bies, that you 
and these other top regulators here, and the Secretary of the 
Treasury — although if he sent Mr. Fox, I will accept that for the 
moment — met in order to discuss Bank Secrecy Act matters? 

Ms. Bies. Senator, I have not had such a meeting. I am not 
aware whether any of the other governors have. I can follow up on 
that and let you know. 

Senator Sarbanes. Are you the governor that is the point 
person 

Ms. Bies. I chair the Committee on Supervision Regulation, so 
it would be — I would probably be the one, and I have not had such 
a meeting at that level. 

Senator Sarbanes. Mr. Hawke. 

Comptroller Hawke. I am not aware of any meeting during my 
tenure, Senator Sarbanes, of principals to discuss Bank Secrecy Act 
matters. 

Senator Sarbanes. Mr. Powell. 

Chairman Powell. Two meetings, Senator. First of all, Vice 
Chairman Reich met with Mr. Fox about, I am guessing, 3 to 4 
weeks ago to discuss this particular issue. Then I met with 



20 


Senator Sarbanes. Four weeks ago? 

Chairman Powell. Three to 4 weeks ago. I met with the Sec- 
retary of the Treasury within the last 10 days. Among other things, 
we talked about BSA. 

Senator Sarbanes. Now, that was just between you and them 
though. It was not a general meeting of the regulators? 

Chairman Powell. It was not a general meeting. 

Senator Sarbanes. It seems to me that you all might presumably 
learn something from one another in this arena. 

Mr. Gilleran. 

Director Gilleran. FinCEN is involved in all 7 of our cease-and- 
desist orders that have culminated from our examinations in the 
last year, and our people have met with FinCEN on several occa- 
sions in a formal way. I myself have not participated personally. 

Senator Sarbanes. Ms. Johnson. 

Ms. Johnson. I am not aware of a formally organized meeting 
that may have been attended by Former Chairman Dollar and then 
by myself. 

Senator Sarbanes. Is it an outlandish idea to think that a co- 
ordinated meeting of the regulators and FinCEN with respect to 
the Bank Secrecy Act on some periodic basis would be a good idea? 

Chairman Powell. It is a good idea, Senator. 

Comptroller Hawke. I completely agree, Senator. I think sharing 
information and experiences at the principal level would be very 
useful. 

Senator Sarbanes. Mr. Chairman, I have other questions, but 
my time is up, and I will yield. 

Chairman Shelby. We have another round. 

Senator Reed, thank you for your indulgence. 

Senator Reed. Thank you, Mr. Chairman, and thank you for 
your testimony, ladies and gentlemen. 

Mr. Hawke, why were criminal charges not brought in this mat- 
ter with respect to Riggs? Is there a provision to allow criminal 
charges? 

Comptroller Hawke. Senator Reed, Riggs is a matter of ongoing 
investigation, and I think I need to be rather circumspect in talk- 
ing about what may be coming out of the ongoing discussions relat- 
ing to Riggs. 

Senator Reed. Fine. There is a general question you might also 
want to be circumspect. That is, the motivation behind these viola- 
tions, which are rampant over many years. It would be one thing 
if it was just inattention or, lax recordkeeping. It would be some- 
thing else if it was just designed to avoid regulation to induce busi- 
ness, and a third category, obviously, if there was some malign mo- 
tive of cooperating with people who are criminals or worse. I do not 
know if you want to comment on that? 

Comptroller Hawke. Yes, I would like to comment on that, Sen- 
ator, because Riggs was not an unsophisticated country bank. They 
were a long-established, significant bank in the Nation’s Capital. 
As I look back over the record and ponder the same kind of ques- 
tion that you have raised, it seems to me that there was an inher- 
ent tension involved in Riggs’ business objective, which was essen- 
tially to monopolize the embassy banking business. They had 95 
percent of the embassies in Washington, 50 percent of the embas- 



21 


sies in London, and they put a very high degree of importance on 
that business. But that was a very high-risk business from a Bank 
Secrecy Act point of view. There was an inherent conflict, an inher- 
ent tension between that business objective and the responsibility 
for robust compliance with the Bank Secrecy Act. 

Senator Reed. Thank you. 

Governor Bies, there is another related case, and that is UBS In- 
vestment Bank of Switzerland with respect to the extended custo- 
dial inventory program. A $100 million fine, I presume a civil fine? 

Ms. Bies. Yes, it was a civil fine, yes, sir. 

Senator Reed. Is there any contemplation of criminal charges? 

Ms. Bies. I think I again need to be circumspect around that 
right now while we continue to get the full information. 

Senator Reed. Let me pose the same question I posed to Mr. 
Hawke. What is your sense of the motivation, given there are a 
range of motives and some of them are, none of them are accept- 
able, but some are more serious and sinister than others. 

Ms. Bies. Again, I do not want to comment on the motives. The 
only thing I will comment is that when you have collusion to man- 
age the information that comes to the Federal Reserve, there is 
some kind of intent, and that also the collusion made it difficult for 
us to detect it, and as a result of this we are looking; we have al- 
ready changed procedures, and we are going in to test those proce- 
dures in the future to try to see if there is a way we could have 
detected this despite the collusion. 

Senator Reed. Thank you, Governor Bies. 

Mr. Gilleran, the GAO report, at least my understanding of it, 
suggests that in a survey of 986 thrifts from January 2000 to Octo- 
ber 2002, they discovered BSA violations at 180, which seems to be 
almost 20 percent. That causes you concern? 

Director Gilleran. It certainly does, and we have responded to 
that report, and we are appreciative of their comments in this area, 
and we have adjusted our system accordingly. We have improved 
our information system and that period of time was prior to the 
USA PATRIOT Act, and the focus of course now is much greater, 
but I think that review was a good one for us, and we are now 
presently being reviewed by the GAO also in the same area. I think 
outside reviews are helpful. 

Senator Reed. Thank you. The obvious question that I will just 
pose to the panel, is there any legislative authority that you need 
in addition to the existing statutes to better coordinate, better im- 
plement, and better enforce? I say that because I spend time on the 
Armed Services Committee also and we spend a lot of hours on the 
war, on terror and threats to the Nation. And you might have a 
more decisive role in frustrating attacks against America than 
many of our uniformed officers, if you can control the monies. 

Ms. Johnson. 

Ms. Johnson. Senator, there is one area that NCUA would have 
interest in. The Exam Parity Act of 1998 gave NCUA authority to 
perform examinations of third-party vendors, and the Act contained 
a sunset provision, and that authority expired in December 31, 
2001. The other regulators do have that indefinite examination au- 
thority over third-party vendors, and that may be helpful. 

Senator Reed. Thank you. 



22 


Comptroller Hawke. Could I just add something, Senator Reed? 

Senator Reed. Yes, sir. 

Comptroller Hawke. The legal requirements that we as regu- 
lators enforce are very far-reaching and very demanding. They go 
essentially, though, to process, to the maintenance of control sys- 
tems, to training, to the maintenance of compliance officers, to the 
filing of currency transaction report, and the filing of suspicious ac- 
tivity reports. 

I think those statutes provide a very strong framework for the 
regulators to assure, if they are carrying out their responsibilities 
properly, that the banks, which have the primary information 
about transactions, are doing their job in identifying who their cus- 
tomers are, knowing what kinds of transactions are going through 
their accounts, and filing all the appropriate reports. It is the job 
of law enforcement to take the output of that process and to deter- 
mine whether there are actual money laundering transactions or 
terrorist financing transactions that are going through the system. 

I think that the statutory framework is strong and adequate if 
we fulfill our responsibilities and the banks fulfill theirs in meeting 
the requirements to have the right kind of controls, to have the 
right kind of systems, and to do the right kind of reporting. 

Senator Reed. Thank you. 

Thank you, Mr. Chairman. 

Chairman Shelby. Thank you, Senator Reed. 

Director Gilleran. Just to respond further to Senator Reed, in 
my written statement I have made some recommendations for in- 
creased communications and better flow of information from law 
enforcement back to the institutions we regulate, because I think 
one of the problems here is the institutions do not know to what 
end a lot of the information that they are providing results in, and 
I think that would help them to better focus on a problem if they 
had more feedback. 

At the same time I would like to see, and I think my fellow regu- 
lators agree, that we should have a working group set up at the 
Federal Financial Institution Council focusing on Bank Secrecy 
Act, and I would like to have FinCEN be part of that. I think that 
is the appropriate forum under which we can all communicate. 

But I think enhanced communication of information is very im- 
portant in this process. 

Senator Reed. Thank you, Mr. Chairman. 

Chairman Shelby. Mr. Hawke, as I understand it from talking 
with you yesterday, if someone withdraws, we will just use $1 mil- 
lion, at Riggs Bank, $1 million in cash. And the bank files a notice 
of that with you, with the transaction report. Is there a second step 
that has to be done dealing with the Bank Secrecy Act? In other 
words, is it a two-step process? Would that be a little suspicious, 
$1 million? 

Comptroller Hawke. I think a $1 million cash transaction would 
inherently raise 

Chairman Shelby. Should have set off an alarm somewhere at 
the Comptroller of the Currency if you had known. 

Comptroller Hawke. It should have set off alarms at the bank, 
which is the first place that the transaction would be noticed. 



23 


Chairman Shelby. Unless the bank perhaps was maybe not fil- 
ing that second report? Was it incumbent upon them to file two re- 
ports, one the transaction itself, the withdrawal? 

Comptroller Hawke. There are statutory and regulatory stand- 
ards that define the circumstances for filing suspicious activity re- 
ports, and it is the bank’s obligation in the first instance to make 
sure that they are filing suspicious activity reports where there is 
a suspicious transaction. 

Chairman Shelby. So it is a two-step process, was it not? That 
is what I am getting at. 

Comptroller Hawke. That is right. 

Chairman Shelby. The first one they file, and they did file, as 
I understand? 

Comptroller Hawke. That is right. 

Chairman Shelby. But they did not file the suspicious activity 
report, although in some cases there is $1 million in cash with- 
drawn; is that correct? 

Comptroller Hawke. That is correct. 

Chairman Shelby. Mr. Fox, I know there is an ongoing inves- 
tigation, but it suggests to me maybe there is a conspiracy or some- 
thing going on at Riggs. They file one report and do not file the 
others, you know, something is going on in the bank. Does that 
trigger anything with you? 

Mr. Fox. Senator, I agree that $1 million cash transaction gen- 
erally should set off alarms, and I think it does at most institutions 
if such transactions occur. I really cannot comment on what 

Chairman Shelby. I know, not on an ongoing investigation. 

Mr. Fox. Yes, sir. 

Chairman Shelby. Mr. Hawke, as you fully confident as we 
speak today, after looking back in the Comptroller of the Cur- 
rency’s Office, that your examiners fully understand the signifi- 
cance of BSA compliance? We know they understand the safety and 
soundness compliance, which is important. 

Comptroller Hawke. Senator, if they do not understand it today, 
we have a very serious problem. I think they do. We have empha- 
sized it repeatedly. We are in the process of revising our examina- 
tion handbook for Bank Secrecy Act. I directed our Committee on 
Bank Supervision to send out a very strong message to all of our 
examination personnel to reemphasize the importance of Bank Se- 
crecy Act compliance and the need for transaction testing and the 
need to be extremely cautious and sensitive about identifying 
transactions that raise questions. 

Chairman Shelby. Governor Bies, how many cases, if any, has 
the Federal Reserve referred to FinCEN in the past year? 

Ms. Bies. Total number of cases I may have to get back to you, 
sir. 

Chairman Shelby. I heard it was zero, that it was no referrals. 

Ms. Bies. No, that is not true. That is not true. We have a good 
working relationship. We have the history of the 25 cases I cited. 
We actually referred cases to FinCEN, and in some cases they took 
formal action. 

Chairman Shelby. Will you furnish that to the Committee? 

Ms. Bies. We will get you a list, yes, sir. 



24 


Chairman Shelby. What criteria is used in determining whether 
to refer a case to FinCEN from let us say the Board of Governors 
of the Fed? 

Ms. Bies. When we go in and do the testing as part of the exam- 
ination procedure, we will look at the facts that we find and deter- 
mine the violations. Sometimes also, I want to emphasize that the 
tests we perform, since they are samples, we may not detect the 
errors, but that is why it is so important we work with FinCEN 
and law enforcement because like in Banco Popular, they gave us 
a heads up on particular customers that we could then target for 
this testing, and were able to work with them to prove the case. 
So the information sharing is critical with law enforcement, both 
Department of Justice as well as FinCEN, to make sure we are ef- 
fective jointly, because together we can find more than individually 
working. 

Chairman Shelby. Mr. Fox, do you recall any referrals from the 
Federal Reserve to FinCEN? 

Mr. Fox. Senator, I would like to get back to you with that num- 
ber, particularly based on the Governor’s comments. I just would 
like to get back and make sure we do not leave anything incorrect. 

Chairman Shelby. That what you told us before is right? 

Mr. Fox. Yes. 

[Laughter.] 

I want to be right, sir. 

Chairman Shelby. Mr. Fox, has FinCEN ever encountered re- 
sistance from bank regulators to the kind of communication you be- 
lieve is essential to your mission of law enforcement? 

Mr. Fox. Sir, since I have been an FinCEN, absolutely not. In 
fact, one of the gratifying things that has occurred for me since I 
have been at FinCEN, since December 2003, is the willingness of 
the staff of the regulators to engage in this way. 

I think we are working on these issues and working on them 
hard, and I think this is getting better. That is my perception. I 
cannot speak about the past. 

Chairman Shelby. To all you as regulators, since September 11, 
2001, what has changed? Have you become more aware of the im- 
portance of terrorist financing and so forth? In other words, what 
have you done since September 11, 2001? 

Comptroller Hawke. Mr. Chairman, I think that the awareness 
of not only the regulators, but also everybody in Government has 
been significantly heightened since September 11. There are a 
number of supervisory actions that we have taken in this area in- 
cluding horizontal reviews of all of our large bank compliance pro- 
grams, as well as many of the mid-size bank compliance programs. 
As I said before, we have revised our examination procedures, and 
our examination handbook. We are creating a database of SAR’s. 
We are redoing a lot of things that have commended themselves to 
us because of the awareness that came from September 11. 

Chairman Shelby. Mr. Hawke, is there written guidance for ex- 
aminers on when to refer violations to FinCEN? I would ask Mr. 
Powell and Mr. Gilleran the same question. 

Comptroller Hawke. I believe there are referral guidelines, Mr. 
Chairman, and those guidelines generally provide for referral of 
systematic serious violations to FinCEN. 



25 


Chairman Shelby. Would this be true of the Board of Governors? 

Ms. Bies. Yes, sir. 

Chairman Shelby. Mr. Powell, the FDIC? 

Chairman Powell. Yes, sir. May I comment on your earlier 
question? 

Chairman Shelby. Absolutely. 

Chairman Powell. Obviously, I think there is a heightened 
awareness. We have dedicated more personnel. We have adopted 
new policies, and new procedures. Training is intensified. Let me 
make a couple of comments. 

I think policies, controls, oversight, testing, training are terribly 
important. I think it is important, in the line of questioning, that 
we fill in the box and that we make the appropriate reference to 
law enforcement. All those are critically important. But I do not 
think it is as important as the culture or the oversight of manage- 
ment. I think until management is committed, including the regu- 
latory agencies 

Chairman Shelby. At the top. 

Chairman Powell. It is a mindset, a proactive commitment. The 
procedures are important, but not like the attitude in our culture 
at the top. 

Chairman Shelby. Governor Bies. 

Ms. Bies. Mr. Chairman, I would like to echo what Mr. Powell 
just said, and to emphasize that at the Federal Reserve, one of the 
things we really focus on in terms of the quality assurance around 
our examination procedures is when we do find breaks in controls, 
that we take it very seriously and go back and say, what could we 
have done better, and improve it. 

For example, after Banco Popular, we went back and made sig- 
nificant changes in the way we were reviewing money laundering, 
the Bank Secrecy Act, and have put those changes in place. 

For the USA PATRIOT Act for those different parts of it where 
the required rules have been issued, we have already drafted new 
examination procedures. They are out in pilot, being actively tested 
by our examination force now to make sure they will be effective 
and have the intended results. We will adjust them if they do not 
get the results we are expecting. We just view this as a continuous 
process that every one of these events reminds us there are new 
ways that people are finding to use the banking system for illicit 
purposes, and whenever we find another way it is done, it is our 
job to respond promptly and make sure that is added to the arsenal 
of information that our examiners have out in the field to deal with 
this promptly. 

Chairman Shelby. Mr. Fox, how can you be sure that the bank- 
ing regulators are referring violations to you under consistent cri- 
teria; how do you do that? 

Mr. Fox. Mr. Chairman, I think we have an agreement that was 
signed in 1990, or it may even have been signed before FinCEN be- 
came a bureau, certainly before it became the Administrator of the 
Act. Sir, that agreement needs to be revisited and along with our 
colleagues at the table here we need to come up with some pretty 
set criteria and guidelines so that we are all working from the 
same page. 



26 


But I think again, sir, I would answer your question directly in 
saying that the best thing that we can do is engage these regu- 
lators. They are doing, from our perspective, very good work out 
there, and I think it is our responsibility to keep, if anything, 
maybe even be annoying at times, to keep reminding them that 
this is important and that we need to communicate and we need 
to do this in a right way. I think that is the best and most effective 
way to do it under this current system. 

Chairman Shelby. Senator Sarbanes. 

Senator Sarbanes. Thank you very much, Mr. Chairman. 

I have to say to the panel, I do not perceive a sense of urgency 
in dealing with this matter. I appreciate that the bank regulators 
have had a traditional focus on safety and soundness. And I under- 
stand that if something went wrong with safety and soundness, we 
would have you in here at the table and saying, “Why did you not 
meet your mission? Here we have had a breakdown in safety and 
soundness and it is affecting the whole financial system.” 

But these compliance questions are important as well. Now, 
some of them involve a lot of consumer protection and I am not 
going to move over into that arena, although that is an arena that 
I think is quite important, and I think there has been a tendency 
on the part of the regulatory agencies not to give it appropriate 
focus and attention and importance. But Bank Secrecy Act compli- 
ance could well go to some basic question of our Nation’s security. 

The Army announced today that they are going to keep thou- 
sands of active duty and reserve soldiers who are nearing the end 
of their volunteer service commitments, they are going to keep 
them in and have them serve an entire tour overseas. So it is really 
being transformed from a voluntary service into mandatory service. 
Now, the Army is under a lot of stress, which is resulting in this, 
but I mean, in a sense, emergency measures are being taken all 
over the place. 

And dealing with money laundering and terrorist financing is of 
critical importance. Now, we did not pay enough attention to it be- 
fore. We had drug cartels, we had crime syndicates using money 
laundering and so forth. Great resistance. The Justice Department 
came to us, when we did the USA PATRIOT Act and wanted this 
title and a lot of the authorities which previously they had not been 
able to obtain. It is clear why. 

Some banking institutions come to us and say that clients are 
moving to off-shore jurisdictions because they have to go through 
these procedures here. Apparently they want to move hot money, 
and they go somewhere else in order to try to do it, which of course 
leads to the question of who is responsible for interacting in order 
to curb what is being done in other jurisdictions. 

But we have to devise a way for compliance to have a higher sta- 
tus, and I am trying to figure out how that can be done while at 
the same time, you can continue to ensure safety and soundness. 
Let me ask a couple of questions. 

First of all, I take it from the responses we have already received 
that the Treasury Secretary, interacting with the head regulators 
who are here today, could establish periodic meetings to consider 
the application of the Bank Secrecy Act and how to enhance its en- 
forcement with respect to all of the financial institutions; is that 



27 


correct? We do not have to pass legislation in order for that to hap- 
pen; is that correct? 

[Witnesses nodded affirmatively.] 

I also gather most people think it is a good idea. I see everyone 
nodding. 

Mr. Fox, would you go back and tell Treasury Secretary Snow of 
this conversation we had here and see if we can get such a first 
meeting underway and then subsequent meetings to follow up? I 
mean, there is a lot of exchange that can take place here that I 
think will enhance the application of the Act. This is an important 
matter — I keep coming back to it — in the fight against terrorism. 

Mr. Fox. You have my word, sir, I will do that. I agree with you. 

Senator Sarbanes. Yes, okay. 

Now, I want to ask about the subordination of the compliance 
function at the various agencies to the safety and soundness exam- 
iners. The Fed maintains separate Safety and Soundness and Com- 
pliance Divisions, and that seems to me to give an extra impetus 
or focus to compliance and enables the development of enhanced 
expertise in that arena. I mean, the Safety and Soundness people 
have plenty to do in and of itself, and I think if you put the Com- 
pliance people under them, you may have a bit of a problem or 
maybe you will have quite a big problem. 

Now, as I understand it, the Compliance examiners at the other 
agencies have now been placed under the Safety and Soundness 
structure; is that correct? 

Director Gilleran. That is not true at the OTS. 

Senator Sarbanes. It is not true at the OTS? 

Director Gilleran. No. 

Senator Sarbanes. You have a separate Compliance Division? 

Director Gilleran. No, we have cross-trained, and therefore we 
see no distinction between Compliance and Safety and Soundness. 
We think that Compliance is part of Safety and Soundness. We 
have cross-trained our people so that they are completely able to 
do the compliance work, as well as safety and soundness work. We 
think that is the proper way to both train people and to carry out 
the examination process. 

Senator Sarbanes. Mr. Powell. 

Chairman Powell. Ours is separate, as you know, Senator. But 
one comment. I want to be sure I do not mislead you. BSA is part 
of the safety and soundness exam at the FDIC, and the reason for 
that is that we believe our BSA people should be trained more than 
in just the compliance effort, understand the bank operations, the 
assets and the liabilities. We found that terrorists sometimes get 
loans and just do not pay them back. So the BSA is part of the 
safety and soundness examination. The examiner are uniquely and 
specially trained. As I mentioned in my testimony, we have special- 
ists. We have 150 of them at the FDIC that do nothing but the 
BSA work. 

Senator Sarbanes. Well, with respect to both of you, does this 
response also apply to the other laws in which you have a compli- 
ance responsibility? 

Chairman Powell. No, sir. We have specialists in compliance 
that are specialists in consumer laws and other related compliance 
laws. 



28 


Senator Sarbanes. Are they under the safety and soundness peo- 
ple? 

Chairman Powell. They are under the Division of Supervision 
and Consumer Protection. We have a safety and soundness section, 
and we have a compliance section. 

Senator Sarbanes. And the OCC? 

Comptroller Hawke. I do not think it is accurate, Senator Sar- 
banes, to say that compliance supervision has been subordinated to 
safety and soundness supervision. We have, as the other agencies 
do, specialists in the compliance area, and each one of our banks 
has an examiner in charge. The examiner-in-charge of each of the 
24 largest banks is responsible for all aspects of supervision of that 
bank. He will have Safety and Soundness people reporting to him, 
he will have Compliance people, he will have Asset Management 
people and IT people all reporting to him. So, at the top of the pyr- 
amid, with respect to any one of our large banks, there is a single 
point of accountability who will have responsibility both for safety 
and soundness and compliance. 

One other point, Senator Sarbanes, the nature of the responsibil- 
ities that we have in the Bank Secrecy Act compliance area is pro- 
cedural and process-oriented, very much the same as the nature of 
the responsibilities we have in the safety and soundness area. Our 
examiners look at the adequacy of systems, the adequacy of con- 
trols, the adequacy of training. It is the same kind of methodology 
that is brought to bear on the safety and soundness side. So there 
is a great deal of similarity between the two disciplines. 

Senator Sarbanes. Well, now, as I understand it, the OCC re- 
cently realigned its compliance organizational structure; is that 
correct? 

Comptroller Hawke. We did not really realign it. We eliminated 
an intermediate level of management and replaced them with com- 
pliance experts in that chain of command. 

Senator Sarbanes. Well, now in the directive sent out by your 
Deputy Comptroller for Compliance, where they say you are going 
to “closely align our Compliance Program with our Safety and 
Soundness Program,” and then you move the Compliance field ex- 
aminers to report to the ADC’s in the field offices. That is a 
change. 

Comptroller Hawke. Right. That is with respect to the commu- 
nity banks. With respect to the large banks, as I described, it is the 
examiner-in-charge of the large bank who has the consolidated re- 
sponsibility for all aspects of supervision: safety and soundness, 
compliance 

Senator Sarbanes. And then let me go on. That same memo 
says, and I am concerned about this, “Given the changes that are 
occurring in the banking industry, we anticipate that the number 
of field compliance specialists and ADC’s at the Band 7 level will 
in the future exceed the volume of traditional compliance work at 
that level. Therefore, we are offering buyouts to the Compliance ex- 
aminers and Compliance ADC’s who occupy Band 7 positions.” 

Now, at a time when the OCC seems to be taking on more com- 
pliance responsibilities, both Bank Secrecy and Consumer Protec- 
tion, it is not quite clear to me how you can be buying out your 
Compliance examiners, in terms of meeting your responsibilities. 



29 


Comptroller Hawke. We are not reducing the number of Compli- 
ance people that we have in the organization as a whole, Senator 
Sarbanes, and we are trying to promote, as Chairman Powell and 
Director Gilleran indicated, the broadening of the expertise of our 
examiners, generally. 

Senator Sarbanes. Let me ask, do you have 

Comptroller Hawke. We do not intend to reduce the number of 
Compliance examiners. 

Senator Sarbanes. Then, that has not happened? You are not 
buying out Compliance examiners? 

Comptroller Hawke. No. I am not sure which memo you are 
reading from, Senator. 

Senator Sarbanes. It was a notice sent in March 2004 by Ann 
Jaedicke, Deputy Comptroller for Compliance. 

Comptroller Hawke. We put out a memo in May 2004, describing 
what was going on with respect to compliance, and we made very 
clear in that memo that we do not intend to reduce the number of 
Compliance examiners. 

Senator Sarbanes. Could you furnish us a copy of that memo. 

Comptroller Hawke. Yes, sir. I would be happy to. 

Ms. Bies. Senator Sarbanes, can I respond to the comment? I did 
not have a chance. 

The one thing I would like to point out, in the Federal Reserve 
System, we created, in 1993, at the Board level, a group, an officer 
who was really responsible for all of the BSA and anti-money laun- 
dering supervision, and we have expanded that group as need has 
occurred over the last few years. 

The reason we have specialists within Supervision and Regula- 
tion at the Board is to help design the policies and help us identify 
when there are weaknesses that need to be addressed out in the 
field exams. Within the Reserve Banks, which is where our exam- 
iners reside, is each of the 12 Reserve Banks, the examiners are 
part of the supervisory group within that Reserve Bank. 

But these, as we have gone from just money laundering with 
criminal activity to now bank secrecy, where you are involving 
maybe activities that go through legitimate funding sources that 
end up in terrorist hands, it gets more and more difficult to iden- 
tify the sources of funding. And so one of the things we are trying 
to do is to work aggressively with law enforcement to help identify 
back to the banks where there are particular cases, whether they 
need to do follow-up. 

So it is really a team effort. It is identifying policy and proce- 
dures at the Board level, using that to strengthen the activities in 
the Reserve Banks, and then work in the field by the examiners 
also giving us indications back up to the top where the supervisory 
process needs to change. But it is integrated within the overall su- 
pervision for the Bank Secrecy Act anti-money laundering. It is all 
within our supervisory responsibility of the Division of Banking Su- 
pervision and Regulation. 

Senator Sarbanes. That is very helpful. Thank you. 

Chairman Shelby. Is there a set number of warnings that a fi- 
nancial institution receives, Mr. Hawke? In other words, is there 
a number of years that generally pass between an initial warning 
regarding a BSA compliance and imposition of a penalty? 



30 


Comptroller Hawke. No, not at all, Senator. I think that is an 
issue that has to be decided in each case. Clearly, in the Riggs 
case, we gave them too much latitude over too long a period of 
time. 

Chairman Shelby. Trusted them too much? 

Comptroller Hawke. Well, it is not so much that we trusted them 
too much. We were insufficiently 

Chairman Shelby. Wait a minute now. Are you saying you did 
not trust them? I thought you told me before, and others have said, 
that a lot of the relationship with a bank is trust. 

Comptroller Hawke. In the Riggs case, it was not a question of 
our trusting the management. We saw things that needed to be 
fixed. We told them that they had to be fixed. Where we were 
guilty of a shortfall in not coming in robustly and soon enough. 

Chairman Shelby. There was no follow-through, in other words, 
by the Comptroller of the Currency’s Office, basically; is that cor- 
rect? 

Comptroller Hawke. The follow-through was not strong enough 
early enough. 

Chairman Shelby. Well, did it exist at all? 

Comptroller Hawke. We eventually 

Chairman Shelby. No, I mean from 1997 until recently, did it 
exist? 

Comptroller Hawke. Eventually, it did. In 2003, we issued a 
cease-and-desist order. We waited too long to do that. 

Chairman Shelby. Six years. 

Comptroller Hawke. We should have taken stronger action ear- 
lier. There is no question about that. 

Chairman Shelby. Chairman Powell, briefly, the Hudson United 
Bank Corporation, one of the most recent BSA-related cease-and- 
desist order involves the Hudson United Bank of New Jersey. 
Would you briefly walk us through the history of this case. What 
was the FDIC’s role in determining what measures would be taken 
in responding to information pointing to Hudson’s failure to comply 
with the Bank Secrecy Act? What was your agency’s assessment of 
Hudson’s risk prior to detection of its failure to comply with the 
Bank Secrecy Act? 

Chairman Powell. I am not sure I can answer those, specifi- 
cally, Mr. Chairman, but I can tell you that I have been briefed on 
that particular issue within the last 30 days. I think our people 
were very aggressive in assessing the enforcement action against 
that particular institution, after findings that had occurred over 
the last 12 to 24 months. 

Chairman Shelby. Mr. Fox, in the past here, in the Committee, 
and Senator Sarbanes has been here longer than I have, and this 
is my 18th year, but I can tell you in the past we have addressed 
the issue of regulatory forbearance as it related to the solvency of 
bank safety and soundness. 

We learned the hard way right here, and the regulators learned, 
too, that when regulators let banks that were in trouble get by, 
when those banks later failed, it cost the U.S. taxpayers billions 
and billions of dollars. 

What is your view with respect to the dangers of regulatory for- 
bearance in BSA compliance cases? 



31 


Mr. Fox. Oh, it cannot even enter the conversation, Mr. Chair- 
man. I believe that the information collected under the Bank Se- 
crecy Act is absolutely critical to the security of our country. 

Chairman Shelby. That is right. 

Mr. Fox. And I will tell you something that I hope is heartening. 
It has been my perception, since I have been at FinCEN, I have 
not seen any such regulatory forbearance among these regulators, 
but I do not think we could ever be in a situation where we would 
allow something like that to happen. 

Chairman Powell. Senator, I think the bank regulators 

Chairman Shelby. Chairman Powell. 

Chairman Powell. I am concerned, to some extent. I think that 
bank regulators and the industry we supervise recognize this is na- 
tional security. Safety and soundness is one issue, but this is equal 
or superior to safety and soundness — the national security of this 
country. And I think there is heightened oversight on the BSA. 

Chairman Shelby. A high priority. 

Chairman Powell. Absolutely. I think bankers, I would not un- 
derestimate the seriousness of the BSA enforcement. It is a na- 
tional security issue. It is lives and deaths. The other is dollars. 
And I think, clearly, our resolve is very strong that we enforce the 
Bank Secrecy Act. 

Chairman Shelby. But when there is a 6-year lapse there, that 
is more than troubling. 

Senator Sarbanes, do you have any other comments? 

Senator Sarbanes. I do not think so. 

Chairman Shelby. I want to thank the panel, all of you, for your 
time and your participation. We have a number of questions for the 
record, and we have some Members that are tied up in other hear- 
ings, and we will keep the record open for that. 

Mr. Fox, all of you, thank you very much. 

Senator Sarbanes. Mr. Chairman, I think, as they depart, we 
should leave them with a message that this is a matter which, I 
presume, the Committee intends to follow very closely, given its 
importance. 

Chairman Shelby. Absolutely. We have no choice in our over- 
sight, as we know. This is important, and we are expecting Mr. 
Fox, and we believe that he is going to be working with you very, 
very closely regarding this. 

Mr. Fox. We welcome that oversight, Mr. Chairman, Senator 
Sarbanes. Thank you. 

Chairman Shelby. Thank you very much, all of you. 

Our second panel will be Gaston Gianni, Jr., Inspector General, 
the Federal Deposit Insurance Corporation, and Ms. Davi 
D’Agostino, Director, Financial Markets and Community Invest- 
ments, General Accounting Office. 

I want to welcome the second panel. We appreciate your forbear- 
ance here today. We had some very important witnesses here, as 
you people know well. 

Mr. Gianni, we will start with you. Your written testimony has 
been made part of the record. And without objection, you proceed 
as you wish. 



32 


STATEMENT OF GASTON L. GIANNI, JR. 

INSPECTOR GENERAL 

FEDERAL DEPOSIT INSURANCE CORPORATION 

Mr. Gianni. Thank you, Mr. Chairman. 

Mr. Chairman, Senator Sarbanes, and Members of the Com- 
mittee, I am pleased to testify before you today. We appreciate and 
thank the Committee for its interest in gaining a greater under- 
standing of how Government is combatting terrorist financing and 
money laundering. 

What I would like to do is just briefly summarize my testimony, 
having it included for the record. 

By way of perspective, the FDIC Chairman’s testimony indicated 
that FDIC has conducted almost 11,000 Bank Secrecy examina- 
tions since 2000. Over the past several years, in line with our 
responsibilities under the Inspector General Act, my office has con- 
ducted three audits that address the FDIC’s efforts to design and 
implement a supervisory program to examine institutions’ compli- 
ance with provisions of the Bank Secrecy and then more recently 
the USA PATRIOT Act. 

Overall, these audits identified that the Corporation has taken 
steps to implement a risk-focused approach to examinations. How- 
ever, improvements were needed. I am pleased to report to you this 
morning that the Corporation has corrective actions completed or 
in process to address all of our recommendations. 

We issued our first report, the “Examination Assessment of Bank 
Secrecy Compliance Act,” in March 2001 and concluded that, first, 
examiners did not adequately document their Bank Secrecy exam- 
ination planning and procedures; second, examiners did not consist- 
ently document the work they performed in risk-scoping as 
required by the Corporation; and, last, the examiners were not tak- 
ing full advantage of the information that was available at 
FinCEN. 

We made recommendations to enforce the documentation re- 
quirements and to make fuller use of the information at FinCEN. 

We issued our second report in September 2003, related to our 
review of whether FDIC had developed and implemented adequate 
procedures to examine financial institutions’ compliance with the 
USA PATRIOT Act. We focused on Title III of the Act, which ad- 
dressed anti-money laundering measures and currency crimes and 
protection. 

The Division of Supervision and Consumer Protection had ad- 
vised the FDIC-regulated institutions of the new Title III require- 
ments in cases where the Department of the Treasury had issued 
final rules implementing Title III provisions, but had not estab- 
lished guidance for their examiners. The Corporation was either co- 
ordinating the issuance of uniform procedures with an interagency 
steering committee or waiting for Treasury to issue additional final 
rules. This delay was of particular concern for Title III provisions 
addressing money laundering deterrents and verification of cus- 
tomer identification. 

Again, we recommended that FDIC issue interim guidance and 
procedures and then work closely with their interagency counter- 
parts to ensure timely issuance of final guidance. 



33 


Our most recent audit related to Bank Secrecy focused on actions 
taken by FDIC in its supervisory capacity to ensure that FDIC-su- 
pervised institutions implemented effective corrective actions to 
BSA violations. 

Of the over 5,600 institutions that the FDIC supervised during 
the time period of our audit, which would cover the time period of 
1997 through the year 2003, approximately 47 percent of the insti- 
tutions had been cited at least one time for a BSA violation. Those 
violations included citations for not complying with Treasury re- 
quirements, as well as the FDIC’s policies and procedures as to 
how a program is supposed to be developed. 

In those institutions where violations were cited, 458 — approxi- 
mately 17 percent — had been cited for repeat Bank Secrecy viola- 
tions. Our audit results raised concerns related to four general 
areas: The extent of regulatory action on significant and repeat vio- 
lations; the consistency of reporting of deficiencies and violations; 
the timing of follow-up and corrective actions taken by the institu- 
tions; and then handling of those referrals to the Department of 
the Treasury. 

Our audit showed a high rate of significant and repeat violations, 
many of which were not subject to regulatory actions. Our sample 
included 27 institutions with repeat violations. Of those 27 institu- 
tions, 17 — 63 percent — were not subject to regulatory action for 
their repeat violations, although other supervisory efforts such as 
follow-up correspondence to bank management and visitations may 
have been in progress. Of the 10 institutions that were subject to 
regulatory actions, only one was subject to a cease-and-desist order 
and the other 9 were subject to informal actions. 

Not all Bank Secrecy deficiencies that the Corporation’s exam- 
iners described in their reports were cited as violations in the re- 
ports and tracked in the FDIC information systems. Such defi- 
ciencies may receive less attention from bank management or in 
FDIC’s follow-up system. 

In many instances, the Corporation followed up or pursued regu- 
latory action for certain violations before the next examination or 
received evidence from bank management, FinCEN, or others that 
the violation had been corrected. 

However, for nearly one-third of the 82 reports that we reviewed, 
examiners waited until the next examination to follow up on some 
or all of the Bank Secrecy violations. 

In some cases, more than 1 year, and up to 5 years, passed be- 
fore bank management took corrective action that was effective or 
before the FDIC applied regulatory actions. About two-thirds of the 
violations sampled took longer than 1 year to correct. 

FDIC’s policy of alternating examinations with State regulatory 
agencies also contributed to this time lag. Specifically, 45 of the 72 
exam reports that we reviewed from State regulatory agencies did 
not address Bank Secrecy compliance. These were the institutions 
that had violations. We reviewed the State reports. They did not 
cite any specific information regarding the Bank Secrecy violations. 
Therefore, the FDIC could not rely on those exams. Consequently, 
follow-up by the FDIC did not occur until the next examination; 
generally, 2 to 3 years after the violations were initially filed. 



34 


While many institutions had been cited for BSA violations, there 
were only 34 referrals to the Treasury Department during this pe- 
riod. Most of these referrals were made by one FDIC regional of- 
fice. We determined that when a referral to the Treasury Depart- 
ment had been made, Treasury had taken action. 

Based on our work and in light of the increased Congressional 
interest in BSA compliance and emphasis on national security con- 
cerns, we have made recommendations that the Corporation re- 
evaluate and update its examination guidance to help ensure ade- 
quate examiner follow-up and timely corrective action by bank 
management; discuss and update the referral policy with the 
Treasury Department; encourage State coverage of Bank Secrecy 
Act compliance; and develop alternative procedures to compensate 
for the lack of State coverage. 

Looking ahead, Mr. Chairman, there are key questions that 
FDIC should consider in conjunction with the Treasury Depart- 
ment and the other financial regulators as it looks to improve the 
Bank Secrecy program. 

First, is risk-scoping Bank Secrecy examinations and follow-up 
still the most effective approach to uncovering money laundering 
and terrorism financing? 

Second, are the policies and procedures for reporting certain cash 
transactions and Bank Secrecy violations to the Treasury Depart- 
ment, some of which date to the early 1990’s, currently effective? 

And, last, is the information reported to FinCEN by financial in- 
stitutions and regulators effectively evaluated and does it ulti- 
mately result in timely preventive actions? 

Mr. Chairman, we appreciate the opportunity to participate in 
these hearings. We are prepared to assist in addressing these 
issues and have additional audits planned in this area. 

I would be pleased to answer any questions that you may have. 

Chairman Shelby. Thank you. 

Ms. D’Agostino. 

STATEMENT OF DAVI M. D’AGOSTINO, DIRECTOR 
FINANCIAL MARKETS AND COMMUNITY INVESTMENT 
U.S. GENERAL ACCOUNTING OFFICE 

Ms. D’Agostino. Thank you, Mr. Chairman, Ranking Member 
Sarbanes, and Members of the Committee. 

I am very pleased to be here today before you and along with the 
FDIC IG on this panel to discuss a number of issues concerning 
Federal regulators’ oversight of banks, thrifts and credit unions for 
Bank Secrecy Act or BSA compliance, and our ongoing work for 
this Committee on this matter. 

Several recent cases imposing large civil money penalties on de- 
pository institutions have increased attention on industry compli- 
ance with, and Government enforcement of, the BSA. My oral 
summary will focus on, one, selected recent enforcement actions 
taken against depository institutions for BSA violations, and two, 
the scope and approach of our ongoing work that we are doing for 
this Committee on BSA examinations, violations identified and the 
various levels of enforcement and penalties imposed for them. 

First, in the last few years and as recently as last month, the fi- 
nancial regulators, FinCEN and the Courts have taken actions 



35 


against a number of depository institutions for significant BSA vio- 
lations. Recent enforcement actions show that various types of de- 
pository institutions have had BSA violations. These actions also 
raise the issue of the timeliness of the identification of the BSA vio- 
lations and the enforcement actions taken by the regulators. For 
example, an individual who was later convicted of money laun- 
dering offenses had apparently deposited $21 million in cash at 
Banco Popular de Puerto Rico, between 1995 and 1998. The bank 
had not investigated or reported this activity to FinCEN or to law 
enforcement until 1998, years after the suspicious activity had 
taken place. 

In 1999, the bank’s regulator expanded its examination scope for 
BSA compliance based on information it received from law enforce- 
ment. Its findings then led to Justice, FinCEN, and the bank regu- 
lator, imposing penalties and entering into a deferred prosecution 
agreement with the bank. These actions were all taken for vio- 
lating the BSA’s suspicious activity reporting requirement. 

More recently Riggs Bank was assessed a $25 million civil money 
penalty for BSA violations including the failure to maintain an ef- 
fective BSA compliance program and failure to monitor and report 
large transactions involving foreign embassies. Although OCC, 
Riggs’ regulator, testified yesterday and again today that they had 
identified the problems early on, apparently as early as 1997, and 
used supervisory measures in efforts to get improvement at the 
bank, these efforts in this case proved to have limited effect. 

In 2003, OCC deemed the bank to be systemically deficient and 
the bank entered into a consent order. In 2004, when the bank still 
was not in full compliance, they were assessed the penalty. 

In recent years, we have issued a number of reports dealing with 
regulatory oversight of AML activities, anti-money laundering ac- 
tivities, of financial institutions, and my written statement that 
has been submitted for the record goes into more detail on those. 
Our statement also highlights some of the work done by the IG’s, 
the Inspectors General, on which we are relying quite heavily to 
help us get up the curve to do the massive amounts of work that 
we are doing for you in your most recent December request. 

Our current work is actually the most comprehensive review we 
think that we have done at GAO on BSA issues. In that work our 
primary objectives are to determine first, how the five regulators’ 
risk-focused examinations assess BSA compliance; second, the ex- 
tent to which the regulators identified BSA and AML violations 
and take supervisory actions; and third, the consistency of BSA 
compliance examination procedures and the interpretation of viola- 
tions across the regulators. 

To answer these questions we plan to review the reliability of the 
data systems that the regulators use to track the violations them- 
selves. As FDIC’s IG’s work has pointed out, there are some prob- 
lems with the systems and what data is included and not included 
by the examiners in the database that is used. 

Second, from the samples we plan to pull from all of the regu- 
lators of BSA compliance examinations over a 4-year period, we 
plan to analyze the work papers, and this will allow us to deter- 
mine the following things: The areas the exams did and did not 
cover, the nature of BSA violations identified, whether or not the 



36 


regulators somehow curtailed their BSA compliance exams, and the 
basis for the decisions to do so. We are also going to be tracking 
the supervisory actions taken to correct violations that have been 
identified, and we will examine the ramifications, if any, of Treas- 
ury not delegating authority to the bank regulators to assess BSA 
compliance penalties as mandated by statute in 1994. 

We are also in the process of putting together a picture of the 
statutory authorities, the players and the layers of types of viola- 
tions and enforcement actions, and the penalties, including when 
they are civil and when they are criminal. I hear a lot of confusion 
at each of these hearings that we are monitoring over the spring 
over what is a deficiency versus what is a violation? What is a rec- 
ordkeeping violation versus a program violation? We hope to sort 
through all of that and review when certain kinds of penalties 
make sense. We are working with Justice, the bank regulators and 
Treasury to try to tease that out and make some sense of it as well 
as wade through all of the various legislation and authorities that 
are in place. 

With that said, Mr. Chairman, Ranking Member Sarbanes, I will 
conclude my statement and will answer any questions you have of 
us. 

Chairman Shelby. The General Accounting Office has prepared 
a number of reports on money laundering and terrorist financing 
over the years. Do you believe that there are systemic problems 
that resulted in Riggs case being unaddressed for so many years? 
You heard the testimony earlier. You know the case. A lot of years. 

Ms. D’Agostino. Yes. It did seem to go on for quite some time. 
From the pieces that we are putting together from the testimonies 
of the OCC representatives, it appears that OCC was trying to 
“push on a string” at Riggs with the bank’s management, and when 
you push on a string, you don’t get resistance and you don’t make 
progress. It seems as if it did last a long time. 

Whether or not it is systemic, I do not think that we can say 
today. We hope that our work for the Committee will provide some 
insight into that question. 

Chairman Shelby. Would you say it is lack of due diligence 
then? 

Ms. D’Agostino. OCC was aware and trying to work with the 
bank’s management. 

Chairman Shelby. Well, they were trying, but were they 

Ms. D’Agostino. They were pushing on the string. 

Chairman Shelby. I love your phrase. 

Ms. D’Agostino. Yes. And it is very frustrating. 

Chairman Shelby. You have tried to push one, have you not? 

Ms. D’Agostino. Yes, sir. 

Chairman Shelby. Senator Sarbanes. 

Senator Sarbanes. I want to follow up the Chairman’s question 
right there on whether there was a problem with the system. In 
the Banco Popular case which you cited, there eventually was a 
settlement in that case, correct? 

Ms. D’Agostino. There was a deferred prosecution. It was one of 
the early uses by Justice, I think, of this interesting tool. 

Senator Sarbanes. But the settlement agreement indicated, and 
I am now quoting from it, “During the period of 1995 through 1998, 



37 


the Federal Reserve, through the Federal Reserve Bank of New 
York, conducted four examinations of Banco Popular. These exami- 
nations did not contain any criticism of Banco Popular’s BSA com- 
pliance policies or procedures.” And apparently they only noticed it 
when the Fed got a tip from a Federal law enforcement official, and 
ordered a special targeted examination of the bank. 

I ask the Chairman if I could ask that question right now. 

Chairman Shelby. You can. 

Senator Sarbanes. Because it follows up exactly on his point. I 
mean there is something wrong. The system is not working right, 
is it? 

Ms. D’Agostino. It is not working swiftly from the appearance 
of these two cases, and I think the FDIC IG’s work indicates it can 
take a long time to go through the supervisory process of trying to 
take informal and formal supervisory action, sometimes without 
much effect. 

Yet at the same time — again — there is much we do not know, be- 
cause we are still doing our work. For example, we do not know 
to what extent informal supervisory actions have been effective and 
timely. So, I think by starting with these cases which are very en- 
lightening, we still may be missing the whole picture. Some of the 
things that we can learn by looking at more closed cases for the 
Committee, is how this layering of authorities, layering of players, 
and interaction between bank regulators and law enforcement, fits 
together and works — not only where it breaks down but also where 
it may work well. That is what we hope to get at in our systematic 
review of the regulators’ data and through sampling exams for the 
Committee. 

Chairman Shelby. Mr. Gianni, how could the FDIC better use 
its supervisory and enforcement authority, which they have a lot 
there, to address BSA violations? Is BSA violations deemed an im- 
portant mission at the FDIC, and if not, why not? 

Mr. Gianni. I think after today’s hearing, I believe it is a priority 
within the Corporation. I think that clearly the work of my office 
would lead me to say that the examiners, the evidence would show 
that the examiners were in fact identifying problems. The issue be- 
came what happened after the identification? How hard did we 
push to get the problems resolved? What was the management sup- 
port? This morning, Chairman Powell said that if you do not have 
the culture and you do not have the tone at the top, if I might use 
a phrase, to say that this is important, you tend to try to go after 
the approach that will have the least impact in disrupting the rela- 
tionship with the institution. So you take the least aggressive ac- 
tion first. And if they do not follow through on that, then you go 
up a step. That takes time. Then if they do not take action on the 
second time, you go up to the last or cease and desist. 

So it takes time to go through this process of increased regu- 
latory action. I think we need to, the Corporation needs to reexam- 
ine at that. 

Chairman Shelby. Is it troubling to both of you that in the Riggs 
situation, the second report that I talked about later was almost 
always ignored, the BSA, bank suspicious activity report? They 
filed the transaction report, but they did not do the other one. 

Ms. D’Agostino. The SAR. 



38 


Chairman Shelby. Is that troubling? 

Ms. D’Agostino. Yes, it is. Although we do know from our pre- 
vious work, that banks spend a lot of time doing their own inves- 
tigation before they put together one of these reports. And again, 
I am not familiar with all of the facts and circumstances sur- 
rounding, for example, the Saudi account case, and whether or not 
this activity was unusual or suspicious for the Saudi account. It 
could have been routine that they pulled and moved millions of dol- 
lars in and out every day from their accounts. We just do not know 
enough about it. 

Chairman Shelby. But you are studying it closely. 

Ms. D’Agostino. We are. We are watching it every day. We are 
not going to be able to get all the details until cases are closed, and 
so that makes our job a little more difficult. 

Chairman Shelby. How often are banks, ma’am, examined? In 
other words, have the regulators adhered to their examination 
cycle with respect to the Bank Secrecy Act enforcement? 

Ms. D’Agostino. We have not gotten that far yet in our work, 
but we will include this question in our scope. 

Chairman Shelby. Is that not an important question? 

Ms. D’Agostino. Sure. How often do they go in and look at BSA 
compliance? 

Chairman Shelby. Will you be addressing this in your ongoing 
study at the General Accounting Office? 

Ms. D’Agostino. Sure. That will be one of many factors. 

Chairman Shelby. Mr. Gianni. 

Mr. Gianni. Mr. Chairman, I can report that the Corporation, is 
complying with the statute of ensuring that banks are examined at 
least every 18 months, and in some cases every year. 

Chairman Shelby. What about information sharing with regard 
to the Federal Deposit Insurance Corporation? If you just briefly 
tell the Committee the normal process which by FDIC information, 
the way they work the Bank Secrecy Act compliance, is shared 
with the other agencies like Treasury and anybody else. 

Mr. Gianni. There are a number of committees and groups that 
address bank secrecy type issues. I do not think there is a com- 
prehensive process in place currently to share the information as 
it relates to bank secrecy and to pull all of this information to- 
gether to see whether there are trends, anomalies, or issues that 
need to be addressed. 

I think first of all, all of the information that we accumulate 
within the Corporation is not passed on to FinCEN, and so with 
FinCEN’s greater responsibility and the will to bring the regulators 
together, I think it is a good first step that the Committee has 
achieved. The parties can begin to better share information to see 
whether information that is housed within the FDIC is similar to 
information that is housed in one of the other regulatory agencies. 
Again, it is not unlike what is going on between the CIA and the 
FBI now as it relates to our intelligence sharing. 

Chairman Shelby. But it is very important in both instances to 
share information. 

Mr. Gianni. I would agree with you, sir, and I think what hap- 
pened, sir, is that when September 11 tragically occurred, we had 
a sea change of priorities within our country, and we had the pas- 



39 


sage of the USA PATRIOT Act, but I believe that the risks associ- 
ated to that, or potential risks associated to that were underesti- 
mated by the bank regulators. It is now being recognized that it 
is a part of our national defense, and I believe that the regulators 
will have the will and commitment to step up and to address these 
issues in a unified manner. 

Chairman Shelby. Both of you, you at the FDIC as Inspector 
General, and you at the General Accounting Office are continuing 
to work in this area. What are some of the steps you are into? 

Ms. D’Agostino. One of our major efforts relates to assessing the 
systems that each regulator has and the separate sets of data that 
are housed in their own IT units. We are going to have to go 
through all of them — luckily FDIC has done some work ahead of 
us on that — and try to get a good fix on what kind of data are and 
are not included. We will design our work around the systems and 
the data available within them, and check the reliability of them. 

That is what we are involved in right now. It is basically an 
audit within an audit, to see how reliable the information is before 
we use it to report to you information and analysis. That is a big 
piece of our undertaking for the Committee. 

Again, we are looking at the authorities and the penalties and 
how it all works in practice. 

Chairman Shelby. Thank you. 

Mr. Gianni. Mr. Chairman, I think we are going to work closely 
with the GAO. We do not want to duplicate. We want to try to 
identify how we can complement the GAO in its efforts to try to 
address the request from the Committee. 

There are several areas where I think that we could make a con- 
tribution. Clearly, I think that this practice of risk focusing might 
be appropriate for the initial go-round, but risk focusing for follow- 
up action may not be the appropriate way. So, we need to think 
a bit more about risk scoping and how that applies to bank secrecy. 

Second, I think clearly the agencies are concerned about regu- 
latory burden. Having said that, we have to think through how we 
have gone about implementing the various laws and regulations, 
and to see whether there may be a streamlined way of still accom- 
plishing the legislative objectives that were set out by the Con- 
gress, yet, doing it in a much more efficient way. The Corporation 
has a process working with the other regulators to look at that. 

The last thing I would like to talk about is — it was raised this 
morning — I think I would like to look at the Hudson case to see 
the similarities that might exist, and just pursue that from an in- 
tellectual standpoint to see if there are some lessons learned that 
we might be able to help the Corporation on. 

Chairman Shelby. You are in a position to do that. 

Mr. Gianni. Yes, I am, sir. 

Chairman Shelby. And I hope you will. To both of you, will you 
hopefully finish your work in this area before the year is out? This 
is just June 1. I know it is a big undertaking, but it is an impor- 
tant and timely undertaking. You cannot put a calendar day on it. 

Ms. D’Agostino. We have not yet committed to a date to the 
Committee for issuing our final report. We are considering whether 
there might be ways where we could report on an interim basis on 



40 


different pieces of this fairly large request you have made of us, so 
that you do not have to wait so long to receive our results. 

Chairman Shelby. Sure. We appreciate that. 

Could you both briefly expand on comments regarding the vul- 
nerability of the risk-based approach to the oversight process? For 
example, when you determine what constitutes suspicious activity, 
is that pretty subjective? You have criteria to go by, you have to 
have something that triggers something at the regulatory agencies? 

Mr. Gianni. There are certainly guidelines out that have been 
written to help the examiners, but it is judgment. It comes down 
to judgment. When you have judgment being made 

Chairman Shelby. Critical evaluation of something. 

Mr. Gianni. It is a critical judgment. When you have those types 
of critical judgments being made within a framework, it is impor- 
tant to make sure those judgments get reviewed not only on an in- 
dividual basis, but also on a collective basis to see if there are 
areas where we can help refine the guidance, further improve the 
guidance, so stronger and better judgments are made in the future. 

Chairman Shelby. Do you believe that the regulatory structure 
we have today, if used diligently, would be sufficient in the future, 
or do we need to look somewhere else? 

Mr. Gianni. I personally think that the bank regulators, working 
together, can accomplish what needs to get accomplished. 

Chairman Shelby. Is the Riggs case a wake-up call and some of 
the others, hopefully? 

Mr. Gianni. I believe Riggs is a wake-up call, as well as the fact 
that the Committee has seen fit to have oversight. I personally do 
not underestimate the power of Ccongressional oversight. 

Chairman Shelby. Do you have a comment? 

Ms. D’Agostino. I agree with the FDIC IG. I think training and 
keeping up to date on the most current approaches by the money 
launderers and terrorist financiers, and anything that law enforce- 
ment could help put together to better inform the examiners would 
be useful too. But I am not sure that structure is the only issue. 
I do think that the leadership, the oversight, and that tone at the 
top, as Mr. Gianni pointed out, are very important in keeping at- 
tention properly focused on AML. 

Chairman Shelby. You both have your hands full, but we appre- 
ciate the job you are doing and the attitude that you have, and we 
will have you back before the Committee. 

Thank you very much for the work and your commitment. 

Ms. D’Agostino. Thank you. 

Mr. Gianni. Thank you, Mr. Chairman. 

Chairman Shelby. The hearing is adjourned. 

[Whereupon, at 12:10 p.m., the hearing was adjourned.] 

[Prepared statements, response to written questions, and addi- 
tional material supplied follows:] 



41 


PREARED STATEMENT OF SENATOR WAYNE ALLARD 

I would like to thank Chairman Shelby for holding this hearing to examine the 
enforcement of the Bank Secrecy Act. Since 1970, the Bank Secrecy Act has been 
an important tool the Government uses to combat money laundering and the financ- 
ing of terrorism. This statute has taken on even more significance through the USA 
PATRIOT Act as the international monetary system has been manipulated by ter- 
rorists. The Act requires all financial institutions to maintain records and file re- 
ports that are used in criminal, tax, or regulatory investigations and proceedings. 
Seeing that these requirements are met is a daunting task, yet critical to the ulti- 
mate safety of people around the world. 

The Committee has held three oversight hearings on terror financing this year, 
which I believe have helped initiate significant improvements to the existing 
counterterror finance programs within the Treasury Department. I look forward to 
today’s discussion on the specific procedures on how suspicious activities and trans- 
actions are detected, and more particularly, how they are dealt with when they are 
found. That is where there have been problems in recent months and it is vital that 
we determine how to catch money launderers in a timely fashion. An effective way 
to track down terrorists is by tracing their financial transactions, and so I look for- 
ward to progress made in this area. 

I would like to thank our witnesses for coming to testify and look forward to hear- 
ing how your offices enforce the Bank Secrecy Act. 


PREPARED STATEMENT OF SENATOR JIM BUNNING 

Thank you Mr. Chairman for holding this very important oversight hearing and 
I would like to thank all of our witnesses here today. 

Like many Americans, I was very surprised to hear the reports out of Iraq of our 
soldiers finding large sums of U.S. currency in a country that our Nation has im- 
posed sanctions upon. I was even more surprised to find out that the cash was 
traced directly to the New York Federal Reserve. I was somewhat relieved to find 
out the New York Fed did nothing wrong in this particular instance, though I am 
concerned some of our allies were skirting our sanctions. However, when the Fed 
investigated the cash in Iraq, they uncovered many serious problems in the Ex- 
tended Custodial Inventory Program. The program, which was set up to ensure a 
supply of currency and recover and replace worn out currency, showed some very 
disturbing abuses. UBS, who ran the program in Switzerland, falsified documents 
and sent currency to countries on our sanctions list. 

Equally disturbing were the reports of the Riggs bank scandal. Riggs was skirting 
Bank Secrecy Act procedures, and moving large sums of cash without making Sus- 
picious Activity Reports or SAR’s. SAR’s are not something that are that obscure. 
They were even mentioned on an episode of the Sopranos. Surely a banker would 
know to file them. The only conclusion could be that the SAR’s were knowingly not 
filed. The OCC has recently fined Riggs $25 million. But I am very concerned why 
the Riggs scandal lasted as long as it did. And I want to make sure this type of 
problem does not happen again. 

There seemed to be a lapse in oversight by the regulators in both of these cases. 
I am glad all of the regulating agencies are represented today so we can find out 
their take on the Bank Secrecy Act and the USA PATRIOT Act and if they believe 
any of their regulated institutions are involved in similar practices. I would like to 
know, if the Fed and OCC, without jeopardizing any possible investigations, can you 
tell us if there are any other similar problems out there on the horizon in the other 
institutions you regulate. 

I would also like to know from all of you, what you think of the Bank Secrecy 
Act and the USA PATRIOT Act. Should they be expanded or contracted. Where and 
how can they be improved? Do they need to be tweaked or overhauled? We must 
make sure we are making the best use of our resources to ensure we are doing 
whatever we can to choke off the financial lifeblood to terrorists. We can and must 
do better. Too much is at stake. 

Once again, thank you Mr. Chairman for holding this hearing and I thank our 
witnesses for testifying today. Hopefully we can get to the bottom of this. 



42 


PREPARED STATEMENT OF SUSAN S. BIES 

Member, Board of Governors of the Federal Reserve System 
June 3, 2004 

Mr. Chairman, thank you for the opportunity to appear before the Senate Com- 
mittee on Banking, Housing, and Urban Affairs to discuss the Federal Reserve’s 
participation in efforts to combat money laundering and terrorist financing. The 
Federal Reserve and the other Federal financial institutions supervisory agencies 
play a critical role in these efforts, and the Federal Reserve is actively engaged in 
a number of initiatives to refine and strengthen examination protocols in this area 
and to effectively deploy resources to prevent, identify, and address problems at the 
banking organizations supervised by the F ederal Reserve. 

In my remarks today, I will describe for you some of the important steps we are 
taking to fulfill our supervisory mission, to guide the institutions we supervise, and, 
in cooperation with the other banking and financial services regulators and the 
Treasury Department, to make every effort to use our supervisory tools to enhance 
the banking industry’s role in preventing and detecting money laundering and 
terrorist financing. The Federal Reserve’s anti-money laundering program is multi- 
faceted. It involves work in bank supervision, applications, enforcement, investiga- 
tions, training, coordination with the law enforcement and intelligence communities, 
and rule writing. This morning, I will touch on some of these aspects of the Federal 
Reserve’s anti-money laundering program, but will concentrate on bank supervision 
efforts and enforcement matters. 

I would like to begin with a few words about the Federal Reserve’s supervisory 
philosophy in this area. The Federal Reserve has long shared Congress’s view that 
financial institutions and their employees are on the frontline of the effort to combat 
illicit financial activity. The Federal Reserve believes that the banking organizations 
it supervises must take every reasonable step to identify, minimize, and manage 
any risks that illicit financial activity may pose to individual financial institutions 
and the banking industry. Accordingly, the Federal Reserve has required the finan- 
cial institutions it supervises to put in place appropriate controls and risk manage- 
ment mechanisms, and has also devoted extensive resources to issuing guidance on 
legislative and regulatory requirements and sound banking practices, as well as to 
coordinating supervisory efforts with other agencies. In addition, the Federal Re- 
serve uses its enforcement authority, where necessary, in the event that serious 
problems or risks cannot be satisfactorily addressed in the supervisory process. 

Supervisory Strategy and Procedures for Anti-Money Laundering 
and Counter Terrorist Financing 

It has been our longstanding policy that Federal Reserve supervisors incorporate 
a Bank Secrecy Act compliance and anti-money laundering program component into 
every safety and soundness examination conducted by a Reserve Bank. This means 
that on a regular examination cycle, examiners seek to determine if a banking orga- 
nization’s Bank Secrecy Act (BSA) and anti-money laundering (AML) compliance 
programs are satisfactory and are commensurate with the organization’s business 
activities and risk profiles. Examinations are conducted at the State member banks, 
bank holding companies, Edge Act corporations, and U.S. branches and agencies of 
foreign banks supervised by the Federal Reserve. Every Reserve Bank has BSA/ 
AML specialists and coordinators on its staff, and, since the late 1980’s, the Board 
has had an anti-money laundering program in its supervision division overseen by 
a senior official. Simply put, Bank Secrecy Act and anti-money laundering compli- 
ance has for years been an integral part of the bank supervision process at the Fed- 
eral Reserve. Furthermore, the Federal Reserve’s enforcement program has a strong 
history of addressing both anti-money laundering and safety and soundness prob- 
lems in formal actions, where necessary. While the number of actions may fluctuate 
somewhat from year to year, the Federal Reserve’s exercise of its enforcement au- 
thority has been consistently strong and timely. 

The Federal Reserve supervision process includes both on-site examinations and 
off-site surveillance and monitoring. The Federal Reserve generally conducts an on- 
site examination of each bank it supervises once every 12 to 18 months, and at each 
examination staff reviews the institution’s anti-money laundering procedures and its 
compliance with the Bank Secrecy Act, as amended by the USA PATRIOT Act and 
new Treasury regulations. For large, complex banking organizations, the safety and 
soundness examination process is continuous, and anti-money laundering and BSA 
compliance is incorporated into examinations conducted throughout the year. The 
Federal Reserve always includes BSA/AML examinations in the supervisory strat- 
egy for every banking organization we supervise. 



43 


A key component of anti-money laundering examinations is the institution’s com- 
pliance with the BSA compliance program requirement. The Federal Reserve and 
the other Federal banking agencies have compliance program requirements for insti- 
tutions they supervise. In general, the rules require a bank to establish, maintain, 
and document a program that includes: 

• a system of internal controls to ensure ongoing compliance with the BSA, 

• independent testing of the bank’s compliance with the BSA, 

• training of appropriate bank personnel, and 

• the designation of an individual responsible for coordinating and monitoring day- 

to-day compliance with the BSA. 

The Federal Reserve works to ensure that the banking organizations we supervise 
understand the importance of having in place an effective anti-money laundering 
program. When a Reserve Bank conducts a BSA/AML examination of a banking or- 
ganization under its supervision, the four components of the program establish the 
framework for the examination. To properly evaluate the effectiveness of a banking 
organization’s anti-money laundering program, the Federal Reserve has developed 
comprehensive examination procedures and manuals, and regularly provides train- 
ing for its examiners. The BSA/AML examination procedures are currently under 
revision to reflect newly issued regulations under the USA PATRIOT Act. 

The Federal Reserve’s BSA examinations are risk-focused. While a “core” BSA ex- 
amination is required of all banking organizations, risk-focused procedures allow ex- 
aminers to apply the appropriate level of scrutiny to higher-risk business lines, 
where necessary, and alleviate burden where high-risk products or customers are 
not present. In other words, a small State member bank with a low-risk customer 
base receives a considerably different and less burdensome BSA/AML examination 
than a large, complex banking organization with international operations. 

The Examination Process 

During every safety and soundness examination of banking organizations under 
Federal Reserve supervision, bank examiners specially trained in BSA requirements 
review the institution’s previous and current compliance with the BSA. Examiners 
first determine whether the institution has included BSA/AML procedures in all of 
its operational areas, including retail operations, credit, private banking, and trust, 
and has adequate internal control procedures to detect, deter and report money 
laundering activities, as well as other potential financial crimes. As part of such an 
examination, bank examiners also review an institution’s fraud detection and pre- 
vention capabilities, and its policies and procedures for cooperating with law 
enforcement (whether through responding to subpoenas, acting on information re- 
quests under Section 314 of the USA PATRIOT Act, or otherwise). 

Our supervision policy guidance in this area requires that examiners also conduct 
a review of the databases of Suspicious Activity Reports (SAR’s) and Currency 
Transaction Reports (CTR’s) to determine if the banking organization that is about 
to be examined has filed such reports and that they appear complete and timely. 
Examiners are not doing this to count the number of SAR’s and CTR’s, to compare 
their findings against other institutions, or to base any criticisms solely on a numer- 
ical count, but rather to make sure, for example, that the bank or U.S. branch of 
a foreign bank understands its obligations in this critical area and has taken steps 
to fulfill its responsibilities by filing timely and accurate reports with law enforce- 
ment and bank regulators. 

The on-site examination begins as a review of the institution’s written compliance 
program and documentation of self-testing and training, as well as a review of the 
institution’s system for capturing and reporting certain transactions pursuant to the 
Bank Secrecy Act, including any suspicious or unusual transactions possibly associ- 
ated with money laundering or other financial crimes. Transaction testing is gen- 
erally conducted to verify these systems. 

In those instances where there are deficiencies in the BSA/AML program, includ- 
ing failures to adequately document self-testing or training, obvious breakdowns in 
operating systems, or failures to implement adequate internal controls, the Federal 
Reserve’s examination procedures require examiners to conduct a more intensified 
second-stage examination that would include the review of source documents and 
expanded transaction testing, among other steps. 

There is an important correlation between the areas covered by a BSA/AML ex- 
amination and an institution’s overall risk management and internal controls. Thus, 
bank examiners take into account an organization’s enterprise-wide corporate gov- 
ernance mechanisms and how they are applied. The Federal Reserve’s bank exam- 
iners are able to apply a broad perspective and depth of organizational knowledge 
to the area of BSA/AML and to coordinate with examination and analytic staff to 



44 


ensure that the safety and soundness and BSA/AML examinations are integrated 
and comprehensive. The Federal Reserve has found that there is an important syn- 
ergy gained by integrating the safety and soundness and BSA/AML supervisory 
processes. 

Enforcement Actions 

The Federal Reserve focuses significant resources on the prevention and early res- 
olution of deficiencies within the supervisory framework. When problems are identi- 
fied at a banking organization, they are typically communicated to the management 
and directors in a written report. The management and directors are requested to 
address identified problems voluntarily and to take measures to ensure that the 
problems are corrected and will not recur. Most problems are resolved promptly 
after they are brought to the attention of a banking organization’s management and 
directors. 

In some instances, however, examiners identify problems relating to anti-money 
laundering measures that are pervasive, repeated, unresolved by management, or 
otherwise of such serious concern that use of the Federal Reserve’s enforcement au- 
thority is warranted. If the problem does not require a formal action, the Reserve 
Banks have the authority to take informal, nonpublic supervisory action, such as 
requiring the adoption of an appropriate resolution by an institution’s board of di- 
rectors or the execution of a memorandum of understanding between an institution 
and the Reserve Bank. 

When informal action will not suffice, the Federal Reserve has authority to take 
formal, public enforcement action to compel the management and directors of a 
banking organization to address anti-money laundering and BSA compliance prob- 
lems. These actions include written agreements, cease-and-desist orders, and civil 
money penalties, and are legally enforceable in court. These actions are not dele- 
gated to the Reserve Banks, and are undertaken only with the concurrence of the 
Board’s General Counsel and the Board’s Director of the Division of Banking Super- 
vision and Regulation. Because these actions are public, they can have a significant 
impact on a banking organization, particularly one that is a public company. In de- 
termining whether formal action is appropriate, Federal Reserve staff considers all 
relevant factors, including the nature, severity, and duration of the problem, the an- 
ticipated resources and actions necessary to resolve the problem, and the respon- 
siveness of the directors and management. 

In cases where examiners have identified a violation of the compliance program 
requirement, the Federal banking agencies are bound by law to take formal enforce- 
ment action. The same law requiring the banking agencies to promulgate rules re- 
quiring the four-part compliance program that I discussed earlier provides that if 
an institution fails to establish and maintain the required procedures, or if it has 
failed to correct any previously identified problem with the procedures, then the 
agency must issue a formal action requiring the institution to correct the problem. 
The Federal Reserve takes this responsibility very seriously and has issued a num- 
ber of public actions against banking organizations in fulfillment of this statutory 
mandate. Federal Reserve staff exerts every effort to ensure that this statute is im- 
plemented consistently, and Board staff acts as a central coordinator for the exam- 
ination and enforcement staff at the different Reserve Banks. Over the past 3 years, 
for example, the Federal Reserve has taken approximately 25 formal, public enforce- 
ment actions addressing BSA/AML-related matters. Actions have been taken 
against large banking organizations as well as smaller ones — the one constant is 
that the examination process identified regulatory violations in the organizations’ 
compliance programs that, under the law, mandated the supervisory actions. 

In addition to taking action itself, the Federal Reserve may refer a BSA-related 
matter to Treasury’s Financial Crimes Enforcement Network (FinCEN) for consider- 
ation of an enforcement action based solely on BSA violations, rather than a pro- 
gram failure or issues relating to safety and soundness. Treasury has delegated to 
the Federal financial banking agencies the authority to examine for BSA compliance 
those institutions they normally examine for safety and soundness; however, Treas- 
ury has not delegated the authority to take an enforcement action, such as the as- 
sessment of a fine, for violations of the Bank Secrecy Act. 

Federal Reserve staff coordinates enforcement actions with other regulators or 
agencies, including in the area of anti-money laundering. If a banking organization’s 
problems involve entities supervised by different regulators, resolution of enterprise- 
wide problems may involve multiple enforcement actions. For example, the Office 
of the Comptroller of the Currency (OCC), FinCEN, and the Federal Reserve coordi- 
nated their recent enforcement actions against Riggs National Corporation; Riggs 
Bank, N.A.; and Riggs International Banking Corporation, the bank’s Edge Act sub- 
sidiary, to ensure consistency and concurrent resolution of open issues. The Federal 



45 


Reserve coordinates enforcement actions with State banking supervisors on a reg- 
ular basis, and enforcement actions involving operations of foreign banking organi- 
zations may be resolved in cooperation with supervisors abroad. In several recent 
matters, there was close coordination with the U.S. Department of Justice as well. 

The Applications Process 

Before I describe some more aspects of the Federal Reserve’s supervisory process, 
let me touch on a very important component of the Federal Reserve’s anti-money 
laundering process — the processing of applications and notices filed with the Board. 
The Federal Reserve has had a longstanding practice of considering an applicant’s 
compliance with anti-money laundering laws in evaluating various applications, in- 
cluding bank mergers and acquisitions of insured depositories by bank holding com- 
panies as well as applications filed by foreign banks to establish U.S. banking offices 
under the Foreign Bank Supervisory Enhancement Act. The USA PATRIOT Act in- 
cluded a provision memorializing our practice in the application area and required 
the Board to take into account the effectiveness of an applicant’s BSA compliance 
program when it considers applications under various laws. 

Under our longstanding protocols as well as the new law, every application matter 
considered by the Federal Reserve includes a BSA/AML compliance-related compo- 
nent whereby staff has to make specific judgments regarding an applicant’s compli- 
ance with the law in this important area. While I cannot, of course, comment on 
specific cases, I can report to you that Board staff has on some recent occasions ad- 
vised banking organizations considering expansion or other activities requiring the 
filing of applications with the Federal Reserve to concentrate instead on their BSA/ 
AML programs. While not the full equivalent of an enforcement action, I am sure 
that you can appreciate the fact that every banking organization that is seeking or 
planning on seeking Federal Reserve approval of an application makes every effort 
possible to ensure that its anti-money laundering program is considered to be fully 
satisfactory by examiners and that any deficiencies that may be identified are ad- 
dressed as expeditiously as possible. The applications process gives the Board a 
strong tool in the BSA/AML area. 

Guidance to Banking Organizations 

Turning back to the Federal Reserve’s normal supervision process, Board and Re- 
serve Bank supervisors seek to provide guidance to banking organizations to assist 
them to fully understand applicable regulatory requirements and what is expected 
by the regulators. While financial institutions are, of course, fully responsible for 
their own compliance, the supervisors play an important role in ensuring that regu- 
latory requirements are correctly understood and uniformly applied. This is particu- 
larly true in areas such as compliance with new regulations promulgated since the 
USA PATRIOT Act. 

The Federal Reserve views its supervisory role as including initiatives to enhance 
awareness and understanding by examiners throughout the Federal Reserve Sys- 
tem, by banking organizations under Federal Reserve supervision, and by the finan- 
cial industry at large. To promote a full understanding of anti-money laundering 
requirements, the Federal Reserve issues Supervision and Regulation letters, which 
are used to advise Reserve Bank supervisory staff, supervised institutions, and the 
banking industry about policy matters; provides on-going training to examiners; 
speaks regularly before the financial industry; and issues guidance in conjunction 
with other regulators and Treasury. These initiatives are meant to respond to or an- 
ticipate questions that arise regarding anti-money laundering requirements. The 
Federal Reserve is keenly aware of the resources that anti-money laundering and 
counter-terrorist financing requirements demand of financial institutions and be- 
lieves that it is our duty to assist them in meeting their obligations. 

Federal Reserve Resource Commitment 

The Federal Reserve’s BSA/AML function ranges from supervising and regularly 
examining banking organizations subject to Federal Reserve supervision for compli- 
ance with the BSA and relevant regulations, to requiring corrective action for 
detected weaknesses in BSA/AML programs, to enhancing money laundering inves- 
tigations by providing expertise to the U.S. law enforcement community, and to pro- 
viding training to U.S. law enforcement authorities and various foreign central 
banks and government agencies. Over the past 3 years, for example, Federal Re- 
serve experts in BSA/AML-related matters have participated in special reviews of 
funds transfers for Federal law enforcement and intelligence authorities, taught 
classes at FBI and Department of Homeland Security training academies, held sem- 
inars for central bank and foreign supervisory authorities in over 10 countries, in- 
cluding Botswana, Mexico, Russia, and the United Arab Emirates, and engaged in 



46 


discussions on AML-related matters at international fora such as the Basel Cross- 
border Group and the Financial Action Task Force on Money Laundering (FATF). 

Over the course of the past 10 plus years, the Federal Reserve’s anti-money laun- 
dering program has grown dramatically. From a senior official at the outset as- 
signed to coordinate the Federal Reserve’s BSA activities in the late 1980’s, to the 
creation and staffing in early 2004 of a new section within the Board’s Division of 
Banking Supervision and Regulation dedicated solely to anti-money laundering ef- 
forts (the Anti-Money Laundering Policy and Compliance Section), the Federal 
Reserve continues to commit a growing number of its resources to BSA/AML compli- 
ance. In 1993, the Federal Reserve System began the practice of designating a sen- 
ior examiner at each of the 12 Reserve Banks to serve as a Bank Secrecy Act coordi- 
nator for the BSA examiners at that Reserve Bank. The number of senior BSA ex- 
aminers throughout the System has grown tremendously, particularly since the en- 
actment of the USA PATRIOT Act and the increasing complexity of BSA examina- 
tions. The web of BSA examiners throughout the Federal Reserve System is brought 
together through a direct communication channel with the Board’s AML Policy and 
Compliance Section. This communication is an important tool for gathering exam- 
ination experiences and providing consistent guidance throughout the Federal Re- 
serve System. 

By any standard, the Federal Reserve has taken a leadership role in the U.S. 
Government’s and international banking and regulatory community’s anti-money 
laundering efforts. 

Supervisory Coordination 

Due to the complexity of financial institutions today, it is imperative that the Fed- 
eral Reserve coordinate with a long list of agencies on issues tied to the Bank Se- 
crecy Act. First, the Federal Reserve views the Department of the Treasury and 
FinCEN as important partners due to their leadership role in administering the 
Bank Secrecy Act. In addition, for a number of complex financial institutions, the 
Federal Reserve shares supervisory and regulatory responsibilities with the OCC, 
Federal Deposit Insurance Corporation, and the Office of Thrift Supervision at the 
Federal level, with the banking agencies of the various States, and with foreign 
banking authorities for the international operations of U.S. banks and the oper- 
ations of foreign banks in the United States. 

This network of partners requires a high degree of coordination. The regulatory 
authorities communicate constantly regarding BSA-related matters. For example, 
among bank regulators, there are a number of electronic systems in place that allow 
secure access to examination information. This allows regulators to monitor the sta- 
tus of organizations under their direct or indirect purview. It is also the Federal Re- 
serve’s practice to notify relevant functional regulators when a supervisory action 
may have impact on an institution subject to their supervision. 

In addition, bank regulators collaborate in the development of consistent examina- 
tion procedures and examiner training. The USA PATRIOT Act required a surge of 
rulemaking activity, and the Federal Reserve and its regulatory colleagues continue 
to advise Treasury as it completes this important work. 

Law Enforcement Coordination 

The Federal Reserve routinely coordinates with Federal and state law enforce- 
ment agencies with regard to potential criminal matters, including anti-money laun- 
dering and financial crime activities. This coordination may occur when the Federal 
Reserve takes action to address matters that are also addressed in a criminal pro- 
ceeding, when the financial condition of a bank is affected by a criminal matter, or 
when law enforcement draws on Federal Reserve staff expertise in its investigative 
work. The Federal Reserve maintains open channels of communication with law en- 
forcement, whether through interagency working groups or through informal staff 
level contacts. 

Conclusion 

The Federal Reserve believes that banking organizations should take reasonable 
and prudent steps to combat illicit financial activities such as money laundering and 
terrorist financing, and to minimize their vulnerability to risks associated with such 
activity. For this reason, the Federal Reserve’s commitment to ensuring compliance 
with the Bank Secrecy Act continues to be a high supervisory priority. The Federal 
Reserve has an important role in ensuring that criminal activity does not pose a 
systemic threat, and, as important, in improving the ability of individual banking 
organizations in the United States and abroad to protect themselves from illicit ac- 
tivities. 

Thank you again for inviting me today to explain the Federal Reserve’s work in 
this important area. 



47 


PREPARED STATEMENT OF JOHN D. HAWKE, JR. 

Comptroller of the Currency 
U.S. Department of the Treasury 

June 3, 2004 

Introduction 

Chairman Shelby, Ranking Member Sarbanes, Members of the Committee, I ap- 
preciate the opportunity to appear before you today to discuss the challenges we at 
the Office of the Comptroller of the Currency (OCC) — and other financial institution 
regulators — face in combating money laundering in the U.S. financial system, and 
how we are meeting those challenges. I will also address the enforcement actions 
in this area we have recently taken against Riggs Bank N.A. 

As the regulator of national banks, the OCC has long been committed to the fight 
against money laundering. For more than 30 years, the OCC has been responsible 
for ensuring that the banks under its supervision have the necessary controls in 
place and provide requisite notices to law enforcement to assure that those banks 
are not used as vehicles to launder money for drug traffickers or other criminal or- 
ganizations. The tragic events of September 11 have brought into sharper focus the 
related concern of terrorist financing. Together with the other Federal banking 
agencies, the banking industry, and the law enforcement community, the OCC 
shares the Committee’s goal of preventing and detecting money laundering, terrorist 
financing, and other criminal acts and the misuse of our Nation’s financial institu- 
tions. 

The cornerstone of the Federal Government’s anti-money laundering (AML) efforts 
is the Bank Secrecy Act (BSA). Enacted in 1970, the BSA is primarily a record- 
keeping and reporting statute that is designed to ensure that banks and other finan- 
cial institutions provide relevant information to law enforcement in a timely fashion. 
The BSA has been amended several times, most recently through passage of the 
USA PATRIOT Act in the wake of the September 11 tragedy. Both the Secretary 
of the Treasury, through the Financial Crimes Enforcement Network (FinCEN), and 
the Federal banking agencies, have issued regulations implementing the BSA, in- 
cluding regulations requiring all banks to have a BSA compliance program, and to 
file reports such as suspicious activity reports (SAR’s) and currency transaction re- 
ports (CTR’s). 

Due to the sheer volume of financial transactions processed through the U.S. fi- 
nancial system, primary responsibility for compliance with the BSA and the AML 
statutes rests with the Nation’s financial institutions themselves. The OCC and the 
other Federal banking agencies are charged with ensuring that the institutions we 
supervise have strong AML programs in place to identify and report suspicious 
transactions to law enforcement, and that such reports are, in fact, made. Thus, our 
supervisory processes seek to ensure that banks have systems and controls in place 
to prevent their involvement in money laundering, and that they provide the types 
of reports to law enforcement that the law enforcement agencies, in turn, need in 
order to investigate suspicious transactions that are reported. 

To accomplish our supervisory responsibilities, the OCC conducts regular exami- 
nations of national banks and Federal branches and agencies of foreign banks in 
the United States. These examinations cover all aspects of the institution’s oper- 
ations, including compliance with the BSA. Our resources are concentrated on those 
institutions, and areas within institutions, of highest risk. In cases of noncompli- 
ance, the OCC has broad investigative and enforcement authority to address the 
problem. 

Unlike other financial institutions, which have only recently become subject to 
compliance program and SAR filing requirements, banks have been under such 
requirements for years. For example, banks have been required to have a BSA com- 
pliance program since 1987, and have been required to file SAR’s (or their prede- 
cessors) since the 1970’s. Not surprisingly, most banks today have strong AML 
programs in place, and many of the largest institutions have programs that are 
among the best in the world. There are now approximately 1.3 million SAR’s in the 
centralized database that is maintained by FinCEN. While the USA PATRIOT Act 
further augmented the due diligence and reporting requirements for banks in sev- 
eral key areas, one of its primary objectives was to impose requirements on non- 
banking institutions that had long been applicable to banks. 

The OCC’s efforts in this area do not exist in a vacuum. We have long been active 
participants in a variety of interagency working groups that include representatives 
of the Treasury Department, law enforcement, and the other Federal banking agen- 
cies. We also work closely with the FBI and other criminal investigative agencies, 
providing them with documents, information, and expertise on a case-specific basis. 



48 


In addition, when we are provided with lead information from a law enforcement 
agency, we use that information to investigate further to ensure that BSA compli- 
ance systems are adequate. 

We continue to work to improve our supervision in this area and we are con- 
stantly revising and adjusting our procedures to keep pace with technological devel- 
opments and the increasing sophistication of money launderers and terrorist 
financers. For example, along with the other Federal banking agencies, the OCC re- 
cently developed examination procedures to implement several key sections of the 
USA PATRIOT Act, and we expect to be issuing a revised version of our BSA Hand- 
book by year end. We have also recently initiated two programs that will provide 
stronger and more complete analytical information to assist our examiners in identi- 
fying banks that may have high money laundering risk. Specifically, we are devel- 
oping a database of national-bank filed SAR’s with enhanced search and reporting 
capabilities, and we also are developing and will implement nationwide, a new risk 
assessment process to better identify high-risk banks. Additionally, we are exploring 
with FinCEN and the other banking agencies better ways to use BSA information 
in our examination process to better identify risks and vulnerabilities in the bank- 
ing system. 

Recent events surrounding Riggs Bank N.A. have heightened interest in how the 
banking agencies, and the OCC in particular, conduct supervision for BSA/AML 
compliance. Together with FinCEN, the OCC recently assessed a record $25 million 
civil money penalty (CMP) against Riggs Bank N.A. The OCC also imposed a sup- 
plemental cease-and-desist (C&D) order on the bank, requiring the institution to 
strengthen its controls and improve its processes in the BSA/AML area. Along with 
the C&D order we issued against the hank in July 2003, these and other actions 
we have taken have greatly reduced the bank’s current risk profile. 

However, with the benefit of hindsight, it is clear that the supervisory actions 
that we previously took against the bank were not sufficient to achieve satisfactory 
and timely compliance with the BSA, that more probing inquiry should have been 
made into the bank’s high risk accounts, and that stronger, more forceful enforce- 
ment action should have been taken sooner. While we do not believe that Riggs is 
representative of the OCC’s supervision in the BSA/AML area, we are nonetheless 
taking a number of steps to guard against a repeat of this type of situation. In this 
regard, I have directed that our Quality Management Division commence a review 
and evaluation of our BSA/AML supervision of Riggs and make recommendations 
to me on several issues concerning our approach to and the adequacy of our BSA/ 
AML supervision programs generally, and particularly with respect to Riggs. 

Background and Legal Framework 

In 1970, Congress passed the “Currency and Foreign Transactions Reporting Act” 
otherwise known as the “Bank Secrecy Act” (BSA), which established requirements 
for recordkeeping and reporting by private individuals, banks, and other financial 
institutions. The BSA was designed to help identify the source, volume, and move- 
ment of currency and other monetary instruments into or out of the United States 
or being deposited in financial institutions. The statute sought to achieve that objec- 
tive by requiring individuals, banks, and other financial institutions to create a 
paper trail by keeping records and filing reports of certain financial transactions 
and of unusual currency transfers. This information then enables law enforcement 
and regulatory agencies to pursue investigations of criminal, tax, and regulatory vio- 
lations. 

The BSA regulations require all financial institutions to submit various reports 
to the Government. The most common of these reports are: (1) FinCEN Form 104 
(formerly IRS Form 4789) — Currency Transaction Report (CTR) for each payment 
or transfer, by, through or to a financial institution, which involves a transaction 
in currency of more than $10,000; and (2) FinCEN Form 105 (formerly Customs 
Form 4790) — Report of International Transportation of Currency or Monetary In- 
struments (CMIR) for each person who physically transports monetary instruments 
in an aggregate amount exceeding $10,000 into or out of the United States. Bank 
supervisors are not responsible for investigating or prosecuting violations of crimi- 
nal law that may be indicated by the information contained in these reports; they 
are, however, charged with assuring that the requisite reports are filed timely and 
accurately. 

The Money Laundering Control Act of 1986 precludes the circumvention of the 
BSA requirements by imposing criminal liability for a person or institution that 
knowingly assists in the laundering of money, or who structures transactions to 
avoid reporting. It also directed banks to establish and maintain procedures reason- 
ably designed to assure and monitor compliance with the reporting and record- 
keeping requirements of the BSA. As a result, on January 27, 1987, all Federal 



49 


bank regulatory agencies issued essentially similar regulations requiring banks to 
develop procedures for BSA compliance. The OCC’s regulation requiring that every 
national bank maintain an effective BSA compliance program is set forth at 12 CFR 
§21.21 and is described in more detail below. 

Together, the BSA and the Money Laundering Control Act charge the bank regu- 
latory agencies with: 

• overseeing banks’ compliance with the regulations described, which direct banks 
to establish and maintain a BSA compliance program; 

• requiring that each examination includes a review of this program and describes 
any problems detected in the agencies’ report of examination; and 

• taking C&D actions if the agency determines that the bank has either failed to 
establish the required procedures or has failed to correct any problem with the 
procedures which was previously cited by the agency. 

The Annunzio-Wylie Anti-Money Laundering Act, which was enacted in 1992, 
strengthened the sanctions for BSA violations and the role of the Treasury Depart- 
ment. It contained the following provisions: 

• a so-called “death penalty” sanction, which authorized the revocation of the char- 
ter of a bank convicted of money laundering or of a criminal violation of the BSA; 

• an authorization for Treasury to require the filing of suspicious-transaction re- 
ports by financial institutions; 

• the grant of a “safe harbor” against civil liability to persons who report suspicious 
activity; and 

• an authorization for Treasury to issue regulations requiring all financial institu- 
tions, as defined in BSA regulations, to maintain “minimum standards” of an 
AML program. 

Two years later, Congress passed the Money Laundering Suppression Act, which 
primarily addressed Treasury’s role in combating money laundering. This statute: 

• directed Treasury to attempt to reduce the number of CTR filings by 30 percent 
and, to assist in this effort, it established a system of mandatory and discre- 
tionary exemptions for banks; 

• required Treasury to designate a single agency to receive SAR’s; 

• required Treasury to delegate CMP powers for BSA violations to the Federal bank 
regulatory agencies subject to such terms and conditions as Treasury may require; 

• required nonbank financial institutions to register with Treasury; and 

• created a safe harbor from penalties for banks that use mandatory and discre- 
tionary exemptions in accordance with Treasury directives. 

Finally, in 2001, as a result of the September 11 terror attacks, Congress passed 
the USA PATRIOT Act. The USA PATRIOT Act is arguably the single most signifi- 
cant AML law that has been enacted since the BSA itself. Among other things, the 
USA PATRIOT Act augmented the existing BSA framework by prohibiting banks 
from engaging in business with foreign shell banks, requiring banks to enhance 
their due diligence procedures concerning foreign correspondent and private banking 
accounts, and strengthening their customer identification procedures. The USA PA- 
TRIOT Act also: 

• provides the Secretary of the Treasury with the authority to impose special meas- 
ures on jurisdictions, institutions, or transactions that are of “primary money- 
laundering concern;” 

• facilitates records access and requires banks to respond to regulatory requests for 
information within 120 hours; 

• requires regulatory agencies to evaluate an institution’s AML record when consid- 
ering bank mergers, acquisitions, and other applications for business combina- 
tions; 

• expands the AML program requirements to all financial institutions; and 

• increases the civil and criminal penalties for money laundering. 

The OCC and the other Federal banking agencies have issued two virtually iden- 
tical regulations designed to ensure compliance with the BSA. The OCC’s BSA com- 
pliance regulation, 12 CFR §21.21, requires every national bank to have a written 
program, approved by the board of directors, and reflected in the minutes of the 
bank. The program must be reasonably designed to assure and monitor compliance 
with the BSA and must, at a minimum: (1) provide for a system of internal controls 
to assure ongoing compliance; (2) provide for independent testing for compliance; (3) 
designate an individual responsible for coordinating and monitoring day-to-day com- 
pliance; and (4) provide training for appropriate personnel. In addition, the imple- 
menting regulation for Section 326 of the USA PATRIOT Act requires every bank 
adopt a customer identification program as part of its BSA compliance program. 



50 


The OCC’s SAR regulation, 12 CFR §21.11, requires every national bank to file 
a SAR when they detect certain known or suspected violations of Federal law or sus- 
picious transactions related to a money laundering activity or a violation of the 
BSA. This regulation mandates a SAR filing for any potential crimes: (1) involving 
insider abuse regardless of the dollar amount; (2) where there is an identifiable 
suspect and the transaction involves $5,000 or more; and (3) where there is no iden- 
tifiable suspect and the transaction involves $25,000 or more. Additionally, the regu- 
lation requires a SAR filing in the case of suspicious activity that is indicative of 
potential money laundering or BSA violations and the transaction involves $5,000 
or more. 

OCC’S BSA/AML Supervision 

The OCC and the other Federal banking agencies are charged with ensuring that 
banks maintain effective AML programs. The OCC’s AML responsibilities are coex- 
tensive with our regulatory mandate of ensuring the safety and soundness of the 
national banking system. Our supervisory processes seek to ensure that institutions 
have compliance programs in place that include systems and controls to satisfy ap- 
plicable CTR and SAR filing requirements, as well as other reporting and record- 
keeping requirements to which banks are subject under the BSA. 

The OCC devotes significant resources to BSA/AML supervision. The OCC has 
nearly 1,700 examiners in the field, many of whom are involved in both safety and 
soundness and compliance with applicable laws including the BSA. We have over 
300 examiners onsite at our largest national banks, engaged in continuous super- 
vision of all aspects of their operations. In 2003, the equivalent of approximately 40 
full time employees were dedicated to BSA/AML supervision. The OCC also has 
three full-time BSA/AML compliance specialists in our Washington DC head- 
quarters office dedicated to developing policy, training, and assisting on complex ex- 
aminations. In addition, the OCC has a full-time fraud expert in Washington DC, 
who is responsible for tracking the activities of offshore shell banks and other vehi- 
cles for defrauding banks and the public. These resources are supplemented by doz- 
ens of attorneys in our district offices and Washington DC headquarters office who 
work on compliance matters. In 2003 alone, not including our continuous large bank 
supervision, the OCC conducted approximately 1,340 BSA examinations of 1,100 in- 
stitutions and, since 1998, we have completed nearly 5,700 BSA examinations of 
5,300 institutions. 

The OCC monitors compliance with the BSA and money laundering laws through 
its BSA compliance and money laundering prevention examination procedures. The 
OCC’s examination procedures were developed by the OCC, in conjunction with the 
other Federal banking agencies, based on our extensive experience in supervising 
and examining national banks in the area of BSA/AML compliance. The procedures 
are risk-based, focusing our examination resources on high-risk banks and high-risk 
areas within banks. During an examination, examiners use the procedures to review 
the bank’s policies, systems, and controls. Examiners test the bank’s systems by re- 
viewing certain individual transactions when they note control weaknesses, have 
concerns about high-risk products or services in a bank, or receive information from 
a law enforcement or other external source. 

In 1997, the OCC formed the National Anti-Money Laundering Group (NAMLG), 
an internal task force that serves as the focal point for all BSA/AML matters. 
Through the NAMLG, the OCC has undertaken a number of projects designed to 
improve the agency’s supervision of the BSA/AML activities of national banks. 
These projects include the development of a program to identify high-risk banks for 
expanded scope BSA examinations and the examination of those banks using agency 
experts and expanded procedures; examiner training; the development of revised ex- 
amination procedures; and issuance of policy guidance on various BSA/AML topics. 
Over the years, the NAMLG has had many significant accomplishments including: 

• publishing and updating numerous guidance documents, including the Comptrol- 
ler’s BSA Handbook, extensive examination procedures, numerous OCC advi- 
sories, bulletins and alerts, and a comprehensive reference guide for bankers and 
examiners; 

• providing expertise to the Treasury Department and the Department of Justice 
in drafting the annual U.S. National Money Laundering Strategy; 

• providing expertise to the Treasury Department, FinCEN and the other Federal 
banking agencies in drafting the regulations to implement the USA PATRIOT Act; 
and 

• developing state-of-the-art training programs for OCC and other Federal and for- 
eign regulatory authorities in training their examiners in BSA/AML supervision. 



51 


To deploy its resources most effectively, the OCC uses criteria developed by 
NAMLG that targets banks for expanded scope AML examinations. Experienced ex- 
aminers and other OCC experts who specialize in BSA compliance, AML, and fraud 
are assigned to the targeted examinations. The examinations focus on areas of iden- 
tified risk and include comprehensive transactional testing procedures. The fol- 
lowing factors are considered in selecting banks for targeted examinations: 

• locations in high-intensity drug trafficking areas (HIDTA) or high-intensity money 

laundering and related financial crime areas (HIFCA); 

• excessive currency flows; 

• significant international, private banking, fiduciary or other high-risk activities; 

• unusual suspicious activity reporting patterns; 

• unusual large currency transaction reporting patterns; and 

• fund transfers or account relationships with drug source countries or countries 

with stringent financial secrecy laws. 

The program may focus on a particular area of risk in a given year. For example, 
our 2005 targeting program will focus on banks that have significant business activ- 
ity involving foreign money services businesses. In prior years, our targeting focus 
has been on banks that have significant business activity in private banking, off- 
shore banking, and lines of business subject to a high risk of terrorist financing. 

Other responsibilities of the NAMLG include sharing information about money 
laundering issues with the OCC’s District offices; analyzing money laundering 
trends and emerging issues; and promoting cooperation and information sharing 
with national and local AML groups, the law enforcement community, bank regu- 
latory agencies, and the banking industry. 

NAMLG has also worked with law enforcement agencies and other regulatory 
agencies to develop an interagency examiner training curriculum that includes in- 
struction on common money laundering schemes. In addition, the OCC has con- 
ducted AML training for foreign bank supervisors and examiners two to three times 
per year for the past 4 years. Over 250 foreign bank supervisors have participated 
in this training program. Recently, the World Bank contracted with the OCC to tape 
our international BSA school for worldwide broadcast. The OCC has also partnered 
with the State Department to provide AML training to high-risk jurisdictions, in- 
cluding selected Middle Eastern countries. And we consistently provide instructors 
for the Federal Financial Institutions Examination Council schools, which are now 
patterned after the OCC’s school. In total, the OCC’s AML schools have trained ap- 
proximately 550 OCC examiners over the past 5 years. 

OCC’s Enforcement Authority 

Effective bank supervision requires clear communications between the OCC and 
the bank’s senior management and board of directors. In most cases, problems in 
the BSA/AML area, as well as in other areas, are corrected by bringing the problem 
to the attention of bank management and obtaining management’s commitment to 
take corrective action. An OCC Report of Examination documents the OCC’s find- 
ings and conclusions with respect to its supervisory review of a bank. Once problems 
or weaknesses are identified and communicated to the bank, the bank’s senior man- 
agement and board of directors are expected to promptly correct them. The actions 
that a bank takes, or agrees to take, to correct deficiencies documented in its Report 
are important factors in determining whether more forceful action is needed. 

OCC enforcement actions fall into two broad categories: Informal and formal. In 
general, informal actions are used when the identified problems are of limited scope 
and magnitude and bank management is regarded as committed and capable of cor- 
recting them. Informal actions include commitment letters, memoranda of under- 
standing, and matters requiring board attention in examination reports. These 
generally are not public actions. 

The OCC also may use a variety of formal enforcement actions to support its su- 
pervisory objectives. Unlike most informal actions, formal enforcement actions are 
authorized by statute, are generally more severe, and are disclosed to the public. 
Formal actions against a bank include C&D orders, formal written agreements and 
CMPs. C&D orders and formal agreements are generally entered into consensually 
by the OCC and the bank and require the bank to take certain actions to correct 
identified deficiencies. The OCC may also take formal action against officers, direc- 
tors and other individuals associated with an institution (institution-affiliated par- 
ties). Possible actions against institution-affiliated parties include removal and pro- 
hibition from participation in the banking industry, CMP’s, and C&D orders. 

In the BSA area, the OCC’s CMP authority is concurrent with that of FinCEN. 
In cases involving systemic noncompliance with the BSA, in addition to taking our 



52 


own actions, the OCC refers the matter to FinCEN. In the case of Riggs Bank, the 
OCC and FinCEN worked together on the CMP against the bank. 

In recent years, the OCC has taken numerous formal actions against national 
banks to bring them into compliance with the BSA. These actions are typically C&D 
orders and formal agreements. The OCC has also taken formal actions against insti- 
tution-affiliated parties who participated in BSA violations. From 1998 to 2003, the 
OCC has issued a total of 78 formal enforcement actions based in whole, or in part, 
on BSA/AML violations. During this same time period, the OCC has also taken 
countless informal enforcement actions to correct compliance program deficiencies 
that did not rise to the level of a violation of law. 

Significant BSA/AML Enforcement Actions 
The OCC has been involved in a number of cases involving serious BSA violations 
and, in some cases, actual money laundering. Some of the more significant cases in- 
volved the Bank of China (New York Federal Branch), Broadway National Bank, 
Banco do Estado de Parana (New York Federal Branch), and Jefferson National 
Bank. There are also dozens of other examples where the OCC identified significant 
money laundering or BSA non-compliance, took effective action to stop the activity, 
and ensured that accurate and timely referrals were made to law enforcement. 

Bank of China, New York Federal Branch 

In May 2000, OCC examiners conducting a safety and soundness examination dis- 
covered serious misconduct on the part of the branch and its former officials, includ- 
ing the facilitation of a fraudulent letter of credit scheme and other suspicious activ- 
ity and potential fraud and money laundering. The misconduct, which resulted in 
significant losses to the branch, was subsequently referred to law enforcement. In 
January 2002, the OCC and the Peoples’ Bank of China entered into companion ac- 
tions against the Bank of China and its United States-based Federal branches. The 
bank’s New York branch agreed to pay a $10 million penalty assessed by the OCC 
and the parent bank, which is based in Beijing, agreed to pay an equivalent amount 
in local currency to the People’s Bank of China, for a total of $20 million. The OCC 
also required that the branch execute a C&D order which, among other things, re- 
quired it to establish account opening and monitoring procedures, a system for iden- 
tifying high risk customers, and procedures for regular, ongoing review of account 
activity of high risk customers to monitor and report suspicious activity. The OCC 
also took actions against six institution-affiliated parties. 

Broadway National Bank, New York, New York 

In March 1998, the OCC received a tip from two separate law enforcement agen- 
cies that this bank may be involved in money laundering. The OCC immediately 
opened an examination which identified a number of accounts at the bank that were 
either being used to structure transactions, or were receiving large amounts of cash 
with wire transfers to countries known as money laundering and drug havens. 
Shortly thereafter, the OCC issued a C&D order which shut down the money laun- 
dering and required the bank to adopt more stringent controls. The OCC also initi- 
ated prohibition and CMP cases against bank insiders. In referring the matter to 
law enforcement, we provided relevant information including the timing of deposits 
that enabled law enforcement to seize approximately $4 million and arrest a dozen 
individuals involved in this scheme. The subsequent OCC investigation resulted in 
the filing of additional SAR’s, the seizure of approximately $2.6 million in additional 
funds, more arrests by law enforcement, and a referral by the OCC to FinCEN. In 
November 2002, the bank pled guilty to a three count felony information that 
charged it with failing to maintain an AML program, failing to report approximately 
$123 million in suspicious bulk cash and structured cash deposits, and aiding and 
assisting customers to structure approximately $76 million in transactions to avoid 
the CTR requirements. The bank was required to pay a $4 million criminal fine. 

Banco do Estado de Parana, Federal Branch, New York, N.Y (Banestado) 

In the summer of 1997, the OCC received information from Brazilian Government 
officials concerning unusual deposits leaving Brazil via overnight courier. The OCC 
immediately dispatched examiners to the branch that was receiving the majority of 
the funds. OCC examiners discovered significant and unusually large numbers of 
monetary instruments being shipped via courier into the Federal branch from Brazil 
and other countries in South America, as well as suspicious wire transfer activity 
that suggested the layering of the shipped deposits through various accounts with 
no business justification for the transfers. The OCC entered into a C&D order with 
the Federal branch and its head office in Brazil in January 1998 that required con- 
trols over the courier and wire transfer activities and the filing of SAR’s with law 
enforcement. The OCC also hosted several meetings with various law enforcement 



53 


agencies discussing these activities and filed a referral with FinCEN. Shortly there- 
after, the Brazilian bank liquidated the branch. In May 2000, the OCC assessed a 
CMP against the branch for $75,000. 

Jefferson National Bank, Watertown, New York 

During the 1993 examination of this bank, the OCC learned from the Federal Re- 
serve Bank of New York that the bank was engaging in cash transactions that were 
not commensurate with its size. OCC examiners subsequently discovered that sev- 
eral bank customers were depositing large amounts of cash that did not appear to 
be supported by the purported underlying business, with the funds being wired off- 
shore. The OCC filed four criminal referral forms (predecessor to the SAR) with law 
enforcement pertaining to this cash activity and several additional criminal referral 
forms pertaining to insider abuse and fraud at the bank. The OCC also briefed sev- 
eral domestic and Canadian law enforcement agencies alerting them to the signifi- 
cant sums of money flowing through these accounts at the bank. Based upon this 
information, law enforcement commenced an investigation of these large deposits. 
The investigation resulted in one of the most successful money laundering prosecu- 
tions in U.S. Government history. The significant sums of money flowing through 
the bank were derived from cigarette and liquor smuggling through the Akwesasne 
Indian Reservation in northern New York. The ring smuggled $687 million worth 
of tobacco and alcohol into Canada between 1991 and 1997. The case resulted in 
21 indictments that also sought the recovery of assets totaling $557 million. It also 
resulted in the December 1999 guilty plea by a subsidiary of R.J. Reynolds tobacco 
company and the payment of a $15 million criminal fine. The four criminal referral 
forms filed by the OCC in the early stages of this investigation were directly on 
point and pertained to the ultimate ringleaders in the overall scheme. These money 
laundering cases were in addition to the C&D order entered into with the bank, the 
prohibition and CMP cases that were brought by the OCC, and the insider abuse 
bank fraud cases that were brought by law enforcement against some of the bank’s 
officers and directors. Seven bank officers and directors were ultimately convicted 
of crimes. 

OCC Cooperation with Law Enforcement and Other Agencies 

As the above cases illustrate, combating money laundering depends on the co- 
operation of law enforcement, the bank regulatory agencies, and the banks them- 
selves. The OCC participates in a number of interagency working groups aimed at 
money laundering prevention and enforcement, and meets on a regular basis with 
law enforcement agencies to discuss money laundering issues and share information 
that is relevant to money laundering schemes. For example, the OCC is an original 
member of both the National Interagency Bank Fraud Working Group and the Bank 
Secrecy Act Advisory Group. Both of these groups include representatives of the De- 
partment of Justice, the FBI, the Treasury Department, and other law enforcement 
agencies, as well as the Federal banking agencies. Through our interagency con- 
tacts, we sometimes receive leads as to possible money laundering in banks that we 
supervise. Using these leads, we can target compliance efforts in areas where we 
are most likely to uncover problems. For example, if the OCC receives information 
that a particular account is being used to launder money, our examiners would then 
review transactions in that account for suspicious funds movements, and direct the 
bank to file a SAR if suspicious transactions are detected. The OCC also provides 
information, documents, and expertise to law enforcement for use in criminal inves- 
tigations on a case-specific basis. 

The OCC has also played an important role in improving the AML and terrorist 
financing controls in banking throughout the world. For the past several years, the 
OCC has provided examiners to assist with numerous U.S. Government-sponsored 
international AML and terrorist financing assessments. We have a cadre of specially 
trained examiners that has provided assistance to the Treasury Department and the 
State Department on these assessments in various parts of the world, including 
South and Central America, the Caribbean, the Pacific-rim nations, the Middle 
East, Russia, and the former Eastern Bloc nations. In this regard, the cadre has 
participated in terrorist financing investigations, assessed local money laundering 
laws and regulatory infrastructure, and provided training to bank supervisors. 

The OCC is also providing direct assistance to the Coalition Provisional Authority 
(CPA) of Iraq. Four OCC examiners are currently working in Iraq as technical as- 
sistance advisers to the CPA’s Ministry of Finance and helping their counterparts 
at the Central Bank of Iraq develop a risk-based supervisory system tailored to the 
Iraqi banking system. The OCC examiners are assisting in the development of a law 
addressing money laundering and terrorist financing that is close to enactment by 



54 


the CPA, the drafting of new policy and examination manuals to implement this 
law, and they are providing extensive AML training to Iraqi bank regulators. 

Post-September 11 Activities and the Implementation of the 
USA PATRIOT Act 

In the immediate aftermath of the September 11 terror attacks, the OCC partici- 
pated in a series of interagency meetings with bankers sponsored by the New York 
Clearinghouse to discuss the attacks and their impact on the U.S. economy and 
banking system, and provided guidance to the industry concerning the various re- 
quests from law enforcement for account and other information. The OCC was also 
instrumental in working with the other banking agencies to establish an electronic 
e-mail system for law enforcement to request information about suspected terrorists 
and money launderers from every financial institution in the country. This FBI Con- 
trol List system was in place five weeks after September 11 and was the precursor 
to the current system established under Section 314(a) of the USA PATRIOT Act, 
which is now administered by FinCEN. At the same time, the OCC established a 
secure emergency communications e-mail system for all national banks through the 
OCC’s BankNet technology. 

In October 2001, Congress passed the USA PATRIOT Act. The OCC has been 
heavily involved in the many interagency work groups tasked with writing regula- 
tions to implement the USA PATRIOT Act over the past few years. To date, these 
work groups have issued final rules implementing Sections 313 (foreign shell bank 
prohibition); 319(b) (foreign correspondent bank account records), 314 (information 
sharing), and 326 (customer identification). The OCC was also involved in drafting 
the interim final rule implementing Section 312 (foreign private banking and cor- 
respondent banking). 

The OCC took the lead in developing the current 314(a) process for disseminating 
information between law enforcement and the banks. The OCC worked with the in- 
terested regulatory and law enforcement agencies, and drafted detailed instructions 
to banks concerning the 314(a) process and the extent to which banks are required 
to conduct record and transactions searches on behalf of law enforcement. The OCC 
also took the lead in drafting a frequently asked questions (FAQ’s) document to pro- 
vide further guidance as to the types of accounts and transactions required to be 
searched, when manual searches for this information would be required, and the 
timeframes for providing responses back to law enforcement. Under the new proce- 
dures, 314(a) requests from FinCEN are batched and issued every two weeks, unless 
otherwise indicated, and financial institutions have two weeks to complete their 
searches and respond with any matches. 

Throughout this process, the OCC continually assisted FinCEN in maintaining an 
accurate electronic database of 314(a) contacts for every national bank and Federal 
branch, provided effective communications to the industry through agency alerts 
concerning the 314(a) system, and participated in quarterly interagency meetings 
with fellow regulators and law enforcement agencies to ensure that the process was 
working effectively and efficiently. 

The OCC also took the lead in drafting the interagency Customer Identification 
Program (CIP) regulation mandated by Section 326 of the USA PATRIOT Act, which 
mandates the promulgation of regulations that, at a minimum, require financial in- 
stitutions to implement reasonable procedures for: (1) verifying the identity of any 
person seeking to open an account, to the extent reasonable and practicable; (2) 
maintaining records of the information used to verify the person’s identity, including 
name, address, and other identifying information; and (3) determining whether the 
person appears on any lists of known or suspected terrorists or terrorist organiza- 
tions provided to the financial institution by any government agency. The OCC is 
also the primary drafter of interagency FAQ’s concerning the implementation of the 
CIP rules. A second set of interagency FAQ’s will be issued shortly. 

In order to assess USA PATRIOT Act implementation by the industry, in the 
summer of 2002, the OCC conducted reviews of all of its large banks to assess their 
compliance with the regulations issued under the USA PATRIOT Act up to that 
time, and to evaluate the industry response to terrorist financing risk. Although, at 
that time, many of the USA PATRIOT Act regulations had not yet been finalized, 
we felt it was important to ascertain the level of bank compliance with and under- 
standing of the new requirements. The purpose of these reviews was to discern the 
types of systems and controls banks had in place to deter terrorist financing, and 
follow up with full-scope AML exams in institutions that had weaknesses. As a re- 
sult of these reviews, the OCC was able to obtain practical first hand knowledge 
concerning how banks were interpreting the new law, whether banks were having 
problems implementing the regulations or controlling terrorist financing risk, and 
which banks needed further supervision in this area. 



55 


On October 20, 2003, the OCC issued interagency examination procedures to 
evaluate national bank compliance with the requirements of Section 313 and 3 19(b), 
and Section 314 of the USA PATRIOT Act. The procedures were designed to assess 
how well banks are complying with the new regulations and to facilitate a con- 
sistent supervisory approach among the banking agencies. OCC examiners are now 
using the procedures during BSA/AML examinations of the institutions under our 
supervision. The procedures allow examiners to tailor the examination scope accord- 
ing to the reliability of the bank’s compliance management system and the level of 
risk assumed by the institution. An interagency working group is currently drafting 
examination procedures concerning Section 326 of the USA PATRIOT Act. The OCC 
is also the primary drafter of these procedures and we expect that they will be 
issued shortly. 

OCC Outreach and Industry Education 
As previously stated, the primary responsibility for ensuring that banks are in 
compliance with the BSA lies with the bank’s management and its directors. To aid 
them in meeting this responsibility, the OCC devotes extensive time and resources 
to educating the banking industry about its obligations under the BSA. This has 
typically included active participation in conferences and training sessions across 
the country. For example, in 2002 the OCC sponsored a nationwide teleconference 
to inform the banking industry about the USA PATRIOT Act. This teleconference 
was broadcast to 774 sites with approximately 5,400 listeners. 

The OCC also provides guidance to national banks through: (1) industry outreach 
efforts that include roundtable discussions with bankers and industry wide con- 
ference calls sponsored by the OCC; (2) periodic bulletins that inform and remind 
banks of their responsibilities under the law, applicable regulations, and adminis- 
trative rulings dealing with BSA reporting requirements and money laundering; (3) 
publications, including the distribution of comprehensive guide in this area entitled 
Money Laundering: A Banker’s Guide to Avoiding Problems; (4) publication and 
distribution of the Comptroller’s BSA Handbook which contains the OCC’s BSA ex- 
amination procedures, and the Comptroller’s Handbook for Community Bank Super- 
vision which provides guidance on BSA/AML risk assessment; and (5) periodic alerts 
and advisories of potential frauds or questionable activities, such as alerts on unau- 
thorized banks and FinCEN reporting processes. In addition, senior OCC officials 
are regular participants in industry seminars and forums on the BSA, the USA PA- 
TRIOT Act, and related topics. 

Current Supervisory Initiatives 

The OCC uses somewhat different examination approaches depending largely on 
the size of the institution and its risk profile. In large banks (generally total assets 
of $25 billion) and mid-size banks (generally total assets of $5 billion), OCC exam- 
iners focus first on the bank’s BSA compliance program. These banks are subject 
to our general BSA/AML examination procedures that include, at a minimum, a re- 
view of the bank’s internal controls, policies, procedures, customer due diligence, 
SAR/CTR information, training programs, and compliance audits. We also evaluate 
BSA officer competence, the BSA program structure, and the bank’s audit program, 
including the independence and competence of the audit staff. While examining for 
overall BSA compliance, examiners typically focus on suspicious activity monitoring 
and reporting systems and the effectiveness of the bank’s customer due diligence 
program. 

Additional and more detailed procedures are conducted if control weaknesses or 
concerns are encountered during the general procedures phase of the examination. 
These supplemental procedures include: 

• transaction testing to ascertain the level of risk in the particular business area 
(for example, private banking, payable upon proper identification programs 
(PUPID), nonresident alien accounts, international brokered deposits, foreign cor- 
respondent banking, and pouch activity) and to determine whether the bank is 
complying with its policies and procedures, including SAR and CTR filing require- 
ments; 

• evaluation of the risks in a particular business line or in specific accounts and 
a determination as to whether the bank is adequately managing the risks; 

• a selection of bank records to determine that its recordkeeping processes are in 
compliance with the BSA. 

For community banks (generally total assets under $5 billion), examiners deter- 
mine the examination scope based on the risks facing the institution. For low-risk 
banks, examiners evaluate changes to the bank’s operations and review the bank’s 
BSA/AML compliance program. For banks with higher risk characteristics and weak 
controls, additional procedures are performed, including review of a sample of high- 



56 


risk accounts and additional procedures set forth above. Examiners also perform 
periodic monitoring procedures between examinations and conduct follow-up activi- 
ties when significant issues are identified. 

Use of CTR and SAR Data in the Examination Process 
All banks are required by regulation to report suspected crimes and suspicious 
transactions that involve potential money laundering or violate the BSA. In April 
1996, the OCC, together with the other Federal banking agencies, and FinCEN, un- 
veiled the SAR system, SAR form, and database. This system provides law enforce- 
ment and regulatory agencies online access to the entire SAR database. Based upon 
the information in the SAR’s, law enforcement agencies may then, in turn, initiate 
investigations and, if appropriate, take action against violators. By using a uni- 
versal SAR form, consolidating filings in a single location, and permitting electronic 
filing, the system greatly improves the reporting process and makes it more useful 
to law enforcement and to the regulatory agencies. As of December 2003, banks and 
regulatory agencies had filed over 1.3 million SAR’s, with national banks by far the 
biggest filers. Nearly 50 percent of these SAR’s were for suspected BSA/money laun- 
dering violations. 

The OCC also uses the SAR database as a means of identifying high-risk banks 
and high-risk areas within banks. Year-to-year trend information on the number of 
SAR’s and CTR’s filed is used to identify banks with unusually low or high filing 
activity. This is one factor used by the OCC to identify high-risk banks. Examiners 
also review SAR’s and CTR’s to identify accounts to include in the examination sam- 
ple. Accounts where there have been repetitive SAR filings or accounts with signifi- 
cant cash activity in a high-risk business or inconsistent with the type of business 
might be accounts selected for the sample. 

Riggs Bank Enforcement Actions 

As previously mentioned, the OCC and FinCEN recently assessed a $25 million 
CMP against Riggs Bank N.A. for violations of the BSA and its implementing regu- 
lations, and for failing to comply with the requirements of an OCC C&D order that 
was signed by the bank in July 2003. Also, in a separate C&D action dated May 
13, 2004 to supplement the C&D we had issued in July 2003, the OCC directed the 
bank to take a number of steps to correct deficiencies in its internal controls, par- 
ticularly in the BSA/AML area. Among other requirements in this separate action, 
the OCC directed the bank to: 

• Ensure competent management. Within 30 days, the board of directors must de- 
termine whether management or staff changes are needed and whether manage- 
ment skills require improvement. 

• Develop a plan to evaluate the accuracy and completeness of the bank’s books and 
records, and develop a methodology for determining that information required by 
the BSA is appropriately documented, filed, and maintained. 

• Adopt and implement comprehensive written policies for internal controls applica- 
ble to the bank’s account relationships and related staffing, including the Em- 
bassy and International Private Banking Group. Among other requirements, the 
policies must mandate background checks of all relationship managers at least 
every 3 years and must prohibit any employee from having signature authority, 
ownership, or custodial powers for any customer account. 

• Develop and implement a policy that permits dividend payments only when the 
bank is in compliance with applicable law and upon written notice to the OCC. 

• Adopt and implement an internal audit program sufficient to detect irregularities 
in the bank’s operation, determine its level of compliance with applicable laws and 
regulations and provide for testing to support audit findings, among other require- 
ments. 

These actions were based on a finding that the bank had failed to implement an 
effective AML program. As a result, the bank did not detect or investigate sus- 
picious transactions and had not filed SAR’s as required under the law. The bank 
also did not collect or maintain sufficient information about its foreign bank cus- 
tomers. In particular, the OCC found a number of problems with the bank’s account 
relationship with foreign governments, including Saudi Arabia and Equatorial Guin- 
ea. Riggs failed to properly monitor, and report as suspicious, transactions involving 
tens of million of dollars in cash withdrawals, international drafts that were re- 
turned to the bank, and numerous sequentially numbered cashier’s checks. The 
OCC will continue to closely monitor the corrective action that the bank takes in 
response to the order and we are prepared to take additional actions if necessary. 

These actions are the most recent of a series of escalating supervisory and en- 
forcement reactions to ongoing deficiencies in Riggs BSA/AML compliance program. 
Since this matter involves an open bank and open investigations, there are limita- 



57 


tions on what can be said without disclosing confidential supervisory information 
and potentially compromising future criminal, civil and administrative actions. With 
that caveat, we have tried to set out below a summary of our supervision of this 
institution in the BSA/AML area, dating back to 1997. 

The OCC first identified deficiencies in Riggs’ procedures several years ago. Be- 
ginning in the late 1990’s, we recognized the need for improved processes at Riggs 
and for improvements in the training in, and awareness of, the BSA’s requirements 
and in the controls over their BSA processes. Prior to September 11, the OCC vis- 
ited the bank at least once a year and sometimes more often to either examine or 
review the Bank’s BSA/AML compliance program. 

Over this timeframe OCC examiners consistently found that Riggs’ BSA compli- 
ance program was either “satisfactory” or “generally adequate,” meaning that it met 
the minimum requirements of the BSA, but we nonetheless continued to identify 
weaknesses and areas of its program that needed improvement in light of the busi- 
ness conducted by the bank. We addressed these weaknesses using various informal, 
supervisory actions. Generally, this involved bringing the problems to the attention 
of bank management and the board and securing their commitment to take correc- 
tive action. 

During this period, it was clear that the bank’s compliance program needed im- 
provement but we determined that the program weaknesses did not rise to the level 
of a violation of our regulation or pervasive supervisory concern. The OCC identified 
problems with the bank’s internal audit coverage in this area, its internal moni- 
toring processes, and its staff training on the BSA and customer due diligence re- 
quirements. Repeatedly, management took actions to address specific OCC concerns 
but, as is now clear, the corrective actions being taken often were not sufficient to 
achieve the intended results. The bank was continually taking steps to respond to 
OCC criticisms, but failed to take action on its own to improve its overall compli- 
ance program, especially with regard to high-risk areas. Due to the lack of an effec- 
tive and proactive management team, additional weaknesses and deficiencies were 
continually identified by the OCC over this time period, but bank follow-up on these 
weaknesses ultimately proved to be ineffective and the problems continued longer 
than they should have. 

As various changes occurred in the regulatory expectations for banks relative to 
BSA compliance and related issues over this period of time, our scrutiny of the bank 
was adjusted accordingly. For example, when the Financial Action Task Force and 
FinCEN identified “uncooperative” countries, we conducted an examination at Riggs 
that specifically focused on account relationships with those countries and deter- 
mined that the bank did not have extensive transaction activity with any of the 
countries on the list. In addition, Treasury issued its guidance on “politically 
exposed persons” in January 2001, and, as a result, the OCC’s focus on the risks 
associated with the Riggs’ embassy banking business began to increase and our su- 
pervisory activities were heightened accordingly. However, at that time, the King- 
dom of Saudi Arabia was not viewed as a country that posed heightened risk of 
money laundering or terrorist financing, and Equatorial Guinea had just begun to 
reap the financial benefits of the discovery of large oil reserves in the mid-1990’s. 

After September 11, the OCC escalated its supervisory efforts to bring Riggs’ com- 
pliance program to a level commensurate with the risks that were undertaken by 
the bank and we believed that we were beginning to see some progress in this re- 
gard. In fact, the bank was beginning the process of a major computer system con- 
version that would address many of the shortcomings in the existing information 
systems that the bank was relying on. Unfortunately, bank management had to ad- 
just the timeline repeatedly. This caused significant delays in the implementation 
date, pushing it from the original target of year-end 2002 to September 2003. Thus, 
the bank was not able to fulfill many of the commitments that it made to the OCC 
to correct our concerns pertaining to their BSA compliance program. Also, as pre- 
viously mentioned, the OCC conducted a series of anti-terrorist financing reviews 
at our large or high-risk banks, including Riggs, in 2002. As a result of these re- 
views and other internal assessments, plus published accounts of suspicious money 
transfers involving Saudi Embassy accounts, our concerns regarding Riggs BSA/ 
AML compliance were heightened. Thus, we commenced another examination of 
Riggs in January 2003. 

The focus of the January 2003 examination was on Riggs’ Embassy banking busi- 
ness, and, in particular, the accounts related to the Embassy of Saudi Arabia. Due 
to its Washington DC location, its extensive retail branch network, and its expertise 
in private banking, Riggs found embassy banking to be particularly attractive and 
had developed a market niche. In fact, at one time, 95 percent of all foreign embas- 
sies in the United States, and 50 percent of the embassies in London conducted 
their banking business with Riggs. The OCC’s examination lasted for approximately 



58 


5 months and involved experts in the BSA/AML area. The findings from the Janu- 
ary 2003 examination formed the basis for the July 2003 C&D order entered into 
with the bank. The OCC also identified violations of the BSA that were referred to 
FinCEN. 

During the course of the 2003 examination, the OCC cooperated extensively with 
investigations by law enforcement into certain suspicious transactions involving the 
Saudi Embassy relationship. These transactions involved tens of millions of dollars 
in cash withdrawals from accounts related to the Embassy of Saudi Arabia; dozens 
of sequentially numbered international drafts that totaled millions of dollars that 
were drawn from accounts related to officials of Saudi Arabia, and that were re- 
turned to the bank; and dozens of sequentially numbered cashier’s checks that were 
drawn from accounts related to officials of Saudi Arabia made payable to the 
accountholder. There was regular contact with the FBI investigators throughout this 
examination. We provided the FBI with voluminous amounts of documents and in- 
formation on the suspicious transactions, including information concerning trans- 
actions at the bank that the FBI previously was not aware of. The OCC also hosted 
a meeting with the FBI to discuss these documents and findings. Throughout this 
process we provided the FBI with important expertise on both general banking mat- 
ters, and on some of the complex financial transactions and products that were iden- 
tified. 

The July 2003 C&D order directed the bank to take a number of steps to correct 
deficiencies in its internal controls in the BSA/AML area and to strongly consider 
staffing changes. Among other requirements in this action, the OCC directed the 
bank to: 

• Hire an independent, external management consultant to conduct a study of the 
Bank’s compliance with the BSA, including, training, SAR monitoring, and cor- 
recting deficiencies and conduct a risk assessment for compliance with the BSA 
throughout the bank. 

• Evaluate the responsibilities and competence of management. In particular, the 
consultant’s report to the board of directors must address, among other things, the 
responsibilities and competence of the bank’s BSA officer, and the capabilities and 
competence of the supporting staff in this area. Within 90 days, the board of direc- 
tors must determine whether any changes are needed regarding the bank’s BSA 
officer and staff; 

• Adopt and implement detailed policies and procedures (including account opening 
and monitoring procedures) to provide for BSA compliance and for the appropriate 
identification and monitoring of high risk transactions; 

• Ensure effective BSA audit procedures and expansion of these procedures. Within 
90 days the board of directors must review and evaluate the level of service and 
ability of the audit function for BSA matters provided by any auditor; and 

• Ensure bank adherence to a comprehensive training program for all appropriate 
operational and supervisory personnel to ensure their awareness and their re- 
sponsibility for compliance with the BSA. 

The OCC began its next examination of the bank’s BSA compliance in October 
2003. The purpose of this examination was to assess compliance with the C&D order 
and the USA PATRIOT Act, and to review accounts related to the Embassy of Equa- 
torial Guinea. It was clear from this examination that the bank had made progress 
in complying with the order and in improving its AML program. Another notable 
accomplishment was the successful implementation of the long planned system up- 
grade that significantly improved the information available to bank staff and 
management to monitor account activity and identify suspicious activity. Notwith- 
standing, there were significant areas of noncompliance noted by our examination. 
The examiners found that, as with the Saudi Embassy accounts, the bank lacked 
sufficient policies, procedures, and controls to identify suspicious transactions con- 
cerning the bank’s relationship with Equatorial Guinea. These transactions involved 
millions of dollars deposited in a private investment company owned by an official 
of the country of Equatorial Guinea; hundreds of thousands of dollars transferred 
from an account of the country of Equatorial Guinea to the personal account of a 
government official of the country; and over a million dollars transferred from an 
account of the country of Equatorial Guinea to a private investment company owned 
by the bank’s relationship manager. The findings from this examination, as well as 
previous examination findings, formed the basis for the OCC’s recent CMP and C&D 
actions. 

In retrospect, as we review our BSA/AML compliance supervision of Riggs during 
this period, we should have been more aggressive in our insistence on remedial 
steps at an earlier time. We also should have done more extensive probing and 
transaction testing of accounts. Our own BSA examination procedures called for 



59 


transactional reviews in the case of high-risk accounts, such as those at issue here, 
yet until recently, that was not done at Riggs in the Saudi Embassy and the Equa- 
torial Guinea accounts. Clearly, the types of strong formal enforcement action that 
we ultimately took should have been taken sooner. This is not a case where the defi- 
ciencies in the bank’s systems and controls were not recognized, nor was there an 
absence of OCC supervisory attention to those deficiencies. But we failed to suffi- 
ciently probe the transactions occurring in the bank’s high-risk accounts and we 
gave the bank too much time, based on its apparent efforts to fix its own problems, 
before we demanded specific solutions, by specific dates, pursuant to formal enforce- 
ment actions. As described below, we have reevaluated our BSA/AML supervision 
processes in light of this experience and we will be implementing changes to im- 
prove how we conduct supervision in this area. I have also directed that our Quality 
Management Division undertake an internal review of our supervision of Riggs. 
These steps are outlined more fully below. 

Improvements Undertaken to Improve BSA/AML Supervision 
While we believe our overall supervisory approach to BSA/AML compliance has 
been rigorous and is working well, we are committed to ongoing evaluation of our 
approaches to BSA/AML compliance and to appropriate revisions to our approach 
in light of technological developments, and the increasing sophistication of money 
launderers and terrorist financers, as well as to address aspects of the process 
where shortcomings were evidenced in the Riggs situation. Recent and current ini- 
tiatives include the following: 

• As previously mentioned, together with the other Federal banking agencies, we 
recently developed revised examination procedures for several key sections of the 
USA PATRIOT Act and we expect to be issuing a revised version of our BSA 
Handbook by the end of the year. 

• We plan to develop our own database of national bank-filed SAR’s with enhanced 
search and reporting capabilities for use in spotting operational risk including in 
the BSA/AML area. This database will be compatible with the OCC’s supervisory 
databases and enable us to: (1) generate specialized reports merging SAR data 
with our existing supervisory data, (2) sort SAR information by bank asset size 
and line of business, and (3) provide enhanced word and other search capabilities. 

• We are developing and will implement nationwide, a new risk assessment process 
to better identify high-risk banks. This system uses standardized data on prod- 
ucts, services, customers, and geographies to generate reports that we will use to 
identify potential outliers, assist in the allocation of examiner resources, and tar- 
get our examination scopes (for example, particular products or business lines). 

• We are exploring with FinCEN and the other agencies better ways to use BSA 
information in our examination process, so that we can better pinpoint risks and 
secure corrective action. Upon completion of FinCEN’s BSA Direct initiative (cur- 
rently under development), the OCC will have direct access, as opposed to dial- 
in access, to the SAR database. We expect that this direct access system will allow 
us to make better and more effective use of FinCEN’s SAR database. 

• We are also exploring how we can systematically capture BSA/AML criticisms in 
examination reports so that we can track situations where no follow-up formal ac- 
tion has been taken. 

• Our Committee on Bank Supervision also has sent an alert to remind and rein- 
force for OCC examination staff the need to recognize accounts and transactions 
that appear to be anomalous or suspicious or that have other characteristics that 
should cause them to be considered high-risk in nature, and to conduct additional 
transaction testing and investigation in such situations. 

In addition, specifically with regard to Riggs, I have directed our Quality Manage- 
ment Division to immediately commence a review and evaluation of our BSA/AML 
supervision of Riggs. This review will include an assessment of whether we took ap- 
propriate and timely actions to address any shortcomings found in the bank’s proc- 
esses and in its responses to matters noted by the examiners, and the extent and 
effectiveness of our coordination and interaction with other regulators and with law 
enforcement. I have also asked for recommendations for improvements to our BSA/ 
AML supervision and our enforcement policy with regard to BSA/AML violations. 

Conclusion 

The OCC is committed to preventing national banks from being used, wittingly 
or unwittingly, to engage in money laundering, terrorist financing, or other illicit 
activities. We stand ready to work with Congress, other financial institution regu- 
latory agencies, law enforcement agencies, and the banking industry to continue to 
develop and implement a coordinated and comprehensive response to the threat 
posed to the Nation’s financial system by money laundering and terrorist financing. 



60 


PREPARED STATEMENT OF DONALD E. POWELL 

Chairman, Federal Deposit Insurance Corporation 

June 3, 2004 

Mr. Chairman, Senator Sarbanes, and Members of the Committee, thank you for 
this opportunity to discuss how the Federal Deposit Insurance Corporation, along 
with the other bank regulatory agencies, addresses our responsibilities under the 
Bank Secrecy Act (BSA) and related anti-money laundering and antiterrorism laws. 

My testimony begins with a brief history of the BSA and an overview of the work 
the FDIC is doing under the law. I also will outline the current initiatives that the 
FDIC is undertaking to foster a culture more focused on the effective supervision 
of banks for compliance with BSA and related laws, and to provide assistance to 
law enforcement agencies. Finally, I will discuss some broader ideas related to the 
way bank regulators, law enforcement, and the banking industry can work together 
to address money laundering and terrorist financing. 

Background and Evolution of BSA 

The Bank Secrecy Act, which was enacted in 1970, authorizes the Secretary of the 
Treasury (Treasury) to issue regulations requiring that financial institutions keep 
records and file reports on certain financial transactions. Treasury’s authority in- 
cludes specifying filing and recordkeeping procedures and designating the busi- 
nesses and types of transactions subject to these procedures. As part of its overall 
responsibility and authority to examine banks for safety and soundness, the FDIC 
is responsible for examining State-chartered, nonmember financial institutions for 
compliance with the BSA. This is consistent with Treasury’s delegation of its au- 
thority under the BSA to the financial regulatory agencies for determining compli- 
ance with the Treasury’s Financial Reporting and Recordkeeping regulations. 

The original purpose of the BSA was to prevent banks from being used to conceal 
money derived from criminal activity and tax evasion. A process of filing various re- 
ports, including currency transaction reports (CTR’s), was established and proved 
highly useful in criminal, tax, and regulatory investigations and proceedings. Banks 
are required to report cash transactions over $10,000 using the CTR. The informa- 
tion collected in the CTR can provide a paper trail for investigations of financial 
crimes, including tax evasion and money laundering, and has led to convictions and 
asset forfeiture actions. 

Although the BSA has been in effect for over 30 years, numerous revisions and 
amendments have been made to enhance the notification and investigation of finan- 
cial crimes. The Money Laundering Control Act, which was enacted in 1986 to re- 
spond to the increase in money laundering activity related to narcotics trafficking, 
was the first major expansion of the BSA. The Money Laundering Control Act 
criminalized money laundering and prohibited the structuring of transactions to 
avoid the filing of CTR’s. Additionally, at that time, banks reported suspicious 
transactions by marking the “Suspicious” box on the CTR and also filing a Report 
of an Apparent Crime form (criminal referral) with the bank’s primary regulator 
and law enforcement agencies. 

Over the years, additional laws and amendments were passed to define how finan- 
cial institutions share information relating to apparent money laundering activities 
with law enforcement. These laws included: the Annunzio-Wylie Money Laundering 
Suppression Act of 1992, which replaced the criminal referral form with the sus- 
picious activity report (SAR) to be used for apparent money laundering activities; 
the Money Laundering Suppression Act of 1994, which liberalized the rules for 
using CTR exemptions; and the Money Laundering and Financial Crimes Strategy 
Act of 1998, which focused on improving cooperation and coordination among regu- 
lators, law enforcement, and the financial services industry. 

The focus of the BSA was escalated further in the wake of the September 11, 
2001, terrorist attacks against the United States with passage of the Uniting and 
Strengthening America by Providing Appropriate Tools to Restrict, Intercept, and 
Obstruct Terrorism Act of 2001, otherwise known as the USA PATRIOT Act. Title 
III of the USA PATRIOT Act expands the BSA beyond its original purpose of deter- 
ring and detecting money laundering to include terrorist financing in the United 
States. One of the new provisions requires financial institutions to conduct due dili- 
gence on customer accounts through a Customer Identification Program (CIP). The 
CIP requires institutions to maintain records, including customer information and 
methods used to verify customers’ identities. 

In 1990, the Financial Crimes Enforcement Network (FinCEN) was established in 
Treasury to administer the BSA and provide a government- wide, multisource intel- 
ligence and analytical network. In October 2001, the USA PATRIOT Act elevated 
the status of FinCEN within Treasury and emphasized its role in fighting terrorist 



61 


financing. In addition to administering the BSA, FinCEN is responsible for expand- 
ing the regulatory framework to other industries (such as insurance, gaming, securi- 
ties brokers/dealers) vulnerable to money laundering, terrorist financing, and other 
crimes. 

Evolution of 314(a) Requests 

Shortly after the attacks on September 11, the Federal Bureau of Investigation 
provided a confidential listing (Control List) of suspected terrorists to the Federal 
banking agencies. The Federal banking agencies provided the list to financial insti- 
tutions to check their records for any relationships or transactions with named sus- 
pects. Financial institutions reported positive matches to the Federal Reserve Bank 
of New York which, in turn, passed the information to the appropriate law enforce- 
ment agency. Based upon this information, law enforcement authorities would 
subpoena the reporting bank for relevant information needed to assist in their in- 
vestigation. The initial Control List primarily consisted of suspects, supporters, and 
material witnesses of the ongoing investigation of the September 11 attacks. 

Section 314 of the USA PATRIOT Act requires FinCEN to establish a formal 
mechanism for law enforcement to communicate names of suspected terrorists and 
money launderers that are under investigation to financial institutions on a regular 
basis. The implementing regulations mandate that financial institutions receiving 
names of suspects search their account and transaction records for potential 
matches and report positive results to FinCEN in the manner and time frame speci- 
fied in the request. This new information sharing system, referred to as “314(a) Re- 
quests,” replaced the Control List. 

Every FinCEN 314(a) request is certified and vetted as a valid and significant ter- 
rorist/money laundering investigation through the appropriate law enforcement 
agency prior to being sent to a financial institution. Law enforcement agencies 
maintain that this new system is an effective, successful tool in their investigations. 

Information provided to the FDIC from FinCEN, showing the initial results of the 
program, indicate some successes. From February 18, 2003, through November 25, 
2003, agencies have processed 188 law enforcement requests. Of these cases, 124 
were related to money laundering and 64 cases were related to terrorism or terrorist 
financing. There were 1,256 subjects of interest in these investigations. Of these, fi- 
nancial institutions responded with 8,880 matches, resulting in the discovery or 
issuance of the following: 

• 795 new accounts identified; 

• 35 new transactions; 

• 407 grand jury subpoenas; 

• 11 search warrants; 

• 29 administrative subpoenas/summons; and 

• 3 indictments. 

The FDIC plays a particularly active role in ensuring that the 314(a) program 
runs effectively by maintaining point of contact information for FDIC-supervised 
and national banks. By properly maintaining this information, the FDIC ensures 
that banks are able to act on 314(a) requests in the timeliest fashion. 

The 314(a) requests should not be confused with the list published by the Depart- 
ment of the Treasury’s Office of Foreign Assets Control (OF AC). The Section 314(a) 
request pertains to suspects and material witnesses to significant terrorist/money 
laundering investigations, and is confidential. Further, the names are subject to a 
one-time search of bank records, and banks are not required by law to terminate 
account relationships. The OFAC list is a public list which contains names of indi- 
viduals, organizations and countries against whom the United States has instituted 
sanctions. Financial institutions must have a formal process for regular searches of 
records and transactions against updated OFAC lists. 

Although the Section 314(a) requests have improved our ability to identify pos- 
sible money laundering or terrorist financing activity, other provisions of Section 
314 may be underutilized or could be improved. For example, under Section 314(b), 
there is a safe harbor for bankers to discuss suspect transactions with other banks 
that are counterparties in a transaction. It appears that only 10 percent of insured 
financial institutions use this safe harbor even though it creates an opportunity to 
gain a better understanding of, and develop additional information about, question- 
able transactions before they are reported. In addition, under Section 314(a), finan- 
cial institutions generally have a 14-day window to report a positive “hit.” This 
timeframe should be evaluated to determine whether this permissible reporting 
delay is realistic since the information may not be received until well after criminal 
activity occurs. As law enforcement, bank regulators and the industry gain experi- 



62 


ence with the USA PATRIOT Act, we must continually evaluate its implementation 
to ensure that it is as effective as possible. 

Responsibilities of the FDIC to Facilitate BSA Compliance 

All FDIC-supervised institutions are required to establish and maintain proce- 
dures designed to assure and monitor compliance with the requirements of the BSA. 
Section 326.8 of the FDIC’s rules and regulations requires that all FDIC-supervised 
institutions maintain BSA compliance programs that include controls, training, and 
independent testing necessary to assure that effective programs are in place. 

In addition to examining State-chartered, nonmember banks for compliance with 
the BSA and underlying regulations, the FDIC is required to make periodic reports 
regarding violations of Treasury’s financial recordkeeping rules to the Treasury. The 
purpose of the BSA examination is to determine the effectiveness of a financial in- 
stitution’s anti-money laundering program. Specifically, every BSA examination fo- 
cuses on the oversight provided by a bank’s senior management and its respective 
Board of Directors, as well as the system of controls put in place to identify report- 
able transactions, prepare CTR’s, monitor the purchase and sales of monetary in- 
struments and electronic funds transfer activities, comply with the OFAC laws and 
regulations, administer information sharing requirements under Section 314(a) of 
the USA PATRIOT Act, administer the Customer Identification Program, and report 
suspicious activities. Although the BSA regulations do not prescribe the frequency 
with which BSA compliance should be reviewed, examination procedures for BSA 
compliance are included within the scope of FDIC safety and soundness examina- 
tions. Since 2000, the FDIC has conducted almost 11,000 BSA examinations. 

The FDIC is the primary Federal regulator of approximately 5,300 insured finan- 
cial institutions holding total assets of almost $1.7 trillion. The majority of FDIC- 
supervised institutions are small and located outside a Metropolitan Statistical Area 
(MSA), 1 in less-densely populated areas. To effectively supervise BSA compliance at 
State nonmember banks, the FDIC has adopted a risk-focused approach. An institu- 
tion’s level of risk for potential money laundering determines the necessary scope 
of the BSA examination. For example, an examiner might consider an institution 
with the following characteristics to have a low money-laundering risk: located in 
a rural area; not located in a high-risk money laundering and related financial 
crimes area (HIFCA); 2 small asset size; small deposit base; known and stable cus- 
tomer base; stable management and employee base; and relatively few CTR’s. 

On the other hand, an institution located in a HIFCA or engaged in particularly 
risky business lines will receive significantly more scrutiny under the FDIC’s risk- 
focused compliance examinations due to their elevated risk profiles. Current HIFCA 
designations for money laundering are assigned to the MSA’s of New York City, Los 
Angeles, Chicago, San Francisco, and Miami. HIFCA’s also include the Mexican bor- 
ders with Texas and Arizona as well as San Juan, Puerto Rico. Financial institu- 
tions located in a HIFCA, or that have certain characteristics that may indicate a 
greater risk of money laundering or related vulnerabilities, undergo an expanded- 
scope BSA examination. These examinations include extensive transaction testing 
designed to validate management’s compliance with BSA and anti-money laundering 
regulations. 

Regardless of the risk profile of a particular institution, the FDIC understands 
that all institutions are at risk of being utilized to facilitate money laundering and 
terrorist financing. In today’s global banking environment where funds are trans- 
ferred instantly and communication systems make services available nationally, 
even a lapse at a small financial institution outside of a major metropolitan area 
can have significant implications in another location across the Nation. The more 
difficult it is for criminals and terrorists to gain entry into the American financial 
system, the more likely it is that they will need to rely on less secure and less effi- 
cient means of financing their activities. 

While it has been our experience that the vast majority of FDIC-supervised insti- 
tutions are diligent in their efforts to establish, execute, and administer effective 


1 The Office of Management and Budget defines an MSA as an area with either a minimum 
population of 50,000 or a Census Bureau-defined urbanized area with a total population of at 
least 100,000. MSA’s comprise one or more counties and may include one or more outlying coun- 
ties that have close economic and social relationships with the central county. An outlying coun- 
ty must have a specified level of commuting to the central counties and also must meet certain 
standards regarding metropolitan character. For example, the Washington, DC MSA extends 
from Frederick, Maryland, to Fredericksburg, Virginia, and includes two counties in West Vir- 
ginia. 

2 HIFCA is a term used in the Money Laundering and Financial Crimes Strategy Act of 1998 
as a means of concentrating law enforcement efforts at the Federal, State, and local levels in 
high intensity money laundering zones. 



63 


BSA compliance programs, there have been instances where controls and efforts 
were lacking. In those cases, the FDIC implements a range of corrective measures 
to ensure that banks comply with the law. Generally, weaknesses noted in BSA 
compliance have been technical in nature and have not resulted in the facilitation 
of money laundering or terrorist financing activities. Usually, bank management is 
responsive to correcting the deficiencies within the normal course of business. In 
cases where significant deficiencies are cited during a BSA examination, bank man- 
agement is required to address such deficiencies in a written response to the FDIC 
that outlines the corrective action proposed and establishes a timeframe for imple- 
mentation. 

In cases where an institution has been lax in administering its BSA compliance 
program and failed to correct previously identified deficiencies, including significant 
violations of law, the FDIC has procedures to obtain commitments from bank man- 
agement to correct the deficiencies. The procedures generally require some type of 
formal or informal enforcement action. The FDIC can also utilize its authority to 
assess civil money penalties against an institution for noncompliance with BSA. In 
addition, significant violations are referred to FinCEN, in accordance with the BSA, 
which also has the authority to assess civil money penalties for noncompliance with 
the BSA. 

The FDIC believes in a flexible supervisory approach using technical guidance, 
moral suasion, and a gradual escalation of enforcement action as appropriate. How- 
ever, a more aggressive supervisory approach may be necessary to effect correction 
when a greater risk for money laundering exists within an institution due to willful 
noncompliance with the BSA and/or the absence of an effective BSA program. The 
type of enforcement action pursued by the FDIC against an institution is directly 
related to the severity of the offense, management’s willingness and ability to effec- 
tively implement corrective action, as well as the extent to which the program has 
failed to identify and/or deter potential money laundering. Additionally, the nature 
of the criticism, the response to prior weaknesses or violation notifications, and the 
overall risk profile of the institution are factored into the type of supervisory action. 
When weaknesses are identified at institutions that have a high BSA risk profile, 
such as those located within a HIFCA, the FDIC has been aggressive in taking for- 
mal supervisory action. In addition, the FDIC has the authority to remove and/or 
prohibit an individual from the banking industry for deliberate or negligent actions 
related to money laundering. 

FDIC Efforts to Thwart Money Laundering and Terrorist Financing 
Activities 

In order to identify money laundering and terrorist financing activity, it is impor- 
tant to know the differences between the two activities. Money laundering generally 
involves the following factors: 

• Profit is the motivation; 

• “Dirty money” is laundered; 

• Funds are derived from the crime; 

• Large sums of money are involved (generally); 

• Shell companies and offshore centers are frequently used; 

• Complicated structures are created often requiring attorney or trustee involve- 
ment; 

• Assets are purchased with illicit funds, then sold, thereby converting to “clean” 
cash; and 

• Use of official or counterfeit bank checks or wire transfers. 

Terrorist financing differs as it generally involves the following factors: 

• Ideology is the motivation; 

• Both “clean money” and “dirty money” are laundered; 

• Funds are often derived from donations and crime; 

• Both large and small sums of money are involved; 

• Banks and money exchanges (including alternate value transfer systems) are 
used; 

• Charities and front operations are used; and 

• Funding sometimes derives from government “state sponsorship .” 3 

These distinctions between money laundering and terrorist financing are impor- 
tant when evaluating suspicious bank transactions. 


3 State sponsorship can be described as implicit or explicit action or funding by a government 
to endorse terrorist activity. 



64 


The FDIC examines CTR’s and SAR’s to determine, in part, a bank’s compliance 
with the BSA. Examiners analyze an institution’s volume and trend in CTR and 
SAR filings to assist in risk scoping the examination. For example, increases in the 
volume of CTR’s filed may be the result of deposit growth, the elimination of ex- 
empted businesses, or increases in retail or other high-risk customers. Decreases 
may be caused by the failure of the bank to file CTR’s, an increase in the number 
of exempted businesses, the elimination of retail and/or other high-risk customers, 
or structuring transactions to avoid reporting requirements. 

Increases in the number of SAR’s filed may be due to an increase in high-risk cus- 
tomers, entry into a high-risk market or product, or an improvement in the bank’s 
method for identifying suspicious activity. Decreases may be the result of defi- 
ciencies in the bank’s process for identifying suspicious activity, the closure of high- 
risk or suspicious accounts, personnel changes, or the failure of the bank to file 
SAR’s. 

When appropriate, examiners conduct transaction testing during a BSA examina- 
tion to determine if reportable transactions have been captured on the bank’s sys- 
tem and if a CTR was filed. In the case of a structured transaction, an examiner 
will determine if a SAR was filed. As part of the CTR and SAR validation process, 
an examiner may also note if the SAR reports fraud and/or insider abuse which is 
closely linked to money laundering and other illicit acts. Also, examination staff 
may use SAR’s as a basis for further evaluation of the conduct of insiders who may 
eventually be removed and/or banned from the banking industry under Section 8(e) 
of the F ederal Deposit Insurance Act. 

Since 2001, the FDIC has issued 30 formal enforcement actions against 25 finan- 
cial institutions and three individuals to address severely deficient BSA compliance 
efforts and/or ineffective anti-money laundering controls. These actions include 25 
Orders to Cease and Desist, three Orders of Prohibition which ban individuals from 
participating in the banking industry and two Civil Money Penalty Assessments 
against related entities in the amount of $7,500,000. Fourteen of the 25 Cease and 
Desist Orders were issued in response to severe and/or chronic BSA-related defi- 
ciencies that exposed those institutions to a high vulnerability of possible money 
laundering activity. 

The FDIC also has effectively utilized informal actions such as bank board resolu- 
tions and memoranda of understanding to strengthen the BSA compliance efforts of 
its supervised institutions under appropriate circumstances. The informal actions 
also put the bank’s board of directors on notice of their responsibility to ensure BSA 
compliance. Since 2001, FDIC-supervised institutions have entered into 53 informal 
actions with BSA-related provisions. 

FDIC Participation in Interagency Working Groups 

The FDIC participates in numerous interagency working groups formed for the 
purpose of drafting risk-based revisions to the BSA, required by the USA PATRIOT 
Act, and developing interpretive guidance for the financial services community. The 
FDIC has worked actively with Treasury and the financial regulators in developing 
regulations and guidance to implement the USA PATRIOT Act. For many years, the 
FDIC has worked with the Treasury, FinCEN and the other banking agencies in 
setting international standards, developing policies, and implementing best practices 
to combat money laundering and, more recently, terrorist funding as part of the na- 
tion’s anti-money laundering regime. 

The FDIC also participates in the Bank Secrecy Act Advisory Group, which is a 
public-private partnership devoted to the discussion of money laundering schemes, 
enforcement of anti-money laundering laws, and remedies for making all reporting 
processes more efficient. The BSA Advisory Group has 43 members with representa- 
tives from all bank regulatory agencies; law enforcement; the securities, insurance, 
and gaming industries; and the banking industry. The BSA Advisory Group and its 
subcommittees are currently evaluating all aspects of the BSA (implementing rules 
and reporting requirements) and developing recommendations to make these areas 
more efficient. 

International Outreach Programs 

The FDIC believes that strong governance of foreign banking programs reduces 
opportunities for money laundering and increases the ability to identify sources of 
terrorist financing. The FDIC actively participates in working groups and technical 
assistance missions sponsored by the Departments of State and Treasury to assess 
vulnerabilities to terrorist financing activity worldwide and to develop and imple- 
ment plans to assist foreign governments in enforcement efforts directed toward 
financial crimes. To facilitate its commitment to these assignments, the FDIC iden- 
tified a group of 22 examiners and attorneys who have received specialized training 



65 


in identifying money laundering and terrorist financing. Over the past 2 years, sev- 
eral of these individuals and others have worked with over 62 countries to provide 
technical assistance and training, meeting with supervisory and law enforcement 
representatives, senior prosecutors, and financial intelligence unit directors, and as- 
sisting in the development of foreign-directed BSA training programs. In all cases, 
the foreign officials from these countries ranging from Caribbean to European to 
Middle Eastern war-torn countries expressed interest in the FDIC’s anti-money 
laundering examination programs and our progress in implementing PATRIOT Act 
provisions. Some of these countries have a myriad of issues and concerns with regu- 
latory compliance and secrecy laws. Further, through participation on the Basel 
Committee, the FDIC has assisted in the evaluation and issuance of international 
guidelines on money laundering. 

In addition, the FDIC provided substantial assistance to the Department of the 
Treasury in drafting the anti-money laundering/antiterrorist financing rules for the 
Iraqi Coalition Provisional Authority in Baghdad. The comprehensive framework 
was drafted for the new Iraqi government to implement and conform to inter- 
national standards. 

Current Initiatives 

Since the passage of the USA PATRIOT Act in 2001 (which augments the BSA 
to address the risk of terrorist financing activities), the FDIC has been involved in 
a number of activities, including: implementing rules and interpretive guidance, in- 
corporating changes into examination procedures, training examiners, and partici- 
pating in industry outreach sessions. The agency participated in the rulemaking 
process of relevant parts of the USA PATRIOT Act and has participated in a num- 
ber of working groups focused on counter-financing of terrorism and the USA PA- 
TRIOT Act. In conjunction with these activities, and, in part, to address some rec- 
ommendations identified in a recent FDIC Office of Inspector General report, we 
have undertaken a number of initiatives to enhance the FDIC’s enforcement of the 
BSA. 

Upgrading Staff 

Consistent with the increased importance of the BSA, the additional workload as- 
sociated with the USA PATRIOT Act, and greater emphasis on international efforts 
to combat terrorism, the FDIC has taken additional steps to ensure that these areas 
receive increased attention. The FDIC is dedicating more staff to its Special Activi- 
ties Section, which oversees the nationwide implementation and coordination of the 
FDIC’s BSA, anti-money laundering, and PATRIOT Act efforts. Additionally, the 
FDIC is designating and training additional BSA subject matter experts. The FDIC 
expects to double its number of BSA experts over the next 18 months. Currently, 
the FDIC has more than 150 BSA experts nationwide. Multiple experts are assigned 
to offices that examine several institutions having characteristics that may indicate 
greater money laundering or related vulnerabilities. 

Additional Training 

In an effort to increase the level of BSA expertise in the field, the FDIC is requir- 
ing all examiners to complete additional formal training on BSA anti-money laun- 
dering and PATRIOT Act issues by year-end 2004. This computer-based training 
also will be offered to all State banking authorities and other regulators who wish 
to provide additional training for their staff. As a supplement to the required addi- 
tional training, the FDIC is participating in the planning and development of anti- 
money laundering training for examiners that is sponsored by the Federal Financial 
Institutions Examination Council. 

Updating Examiner Guidance 

The FDIC continues to reevaluate and modify as necessary all BSA anti-money 
laundering and antiterrorism examination and industry guidance to ensure the in- 
corporation of changes resulting from passage of the USA PATRIOT Act. This effort 
involves reviewing all written guidance for examiner and industry use, working with 
other bank regulators and Federal law enforcement in assessing the guidance and 
using conferences and other public forums to communicate any changes required by 
banks for compliance with the law. 

Improving State Examinations 

The FDIC has an alternating examination program with most State banking de- 
partments. In this program, the FDIC and State authorities alternate, or conduct 
every other examination, accepting or using the other agency’s examination findings 
to meet mandatory examination cycle requirements. While the FDIC reviews BSA 



66 


compliance each time it examines a State-chartered, nonmember bank, not all 
States conduct similar examinations. 

Beginning this month, in those instances where a State banking authority does 
not conduct Bank Secrecy Act exams, the FDIC will send an examiner to conduct 
an examination for BSA and anti-money laundering compliance concurrent with the 
State authority’s safety and soundness examination. This initiative will ensure that 
all FDIC-supervised banks are reviewed for money laundering and terrorist financ- 
ing activity during every examination cycle. Conducting a BSA examination concur- 
rent with the State’s safety and soundness examination is expected to reduce the 
regulatory burden upon the financial institution by scheduling both events simulta- 
neously rather than multiple examinations conducted during a given year. 

In addition, 10 sTates have committed to beginning BSA-examinations in 2004. 
The FDIC will assist those States as necessary with training to facilitate thorough 
state evaluations of BSA compliance. 

Improving Reporting 

The FDIC has centralized the monitoring process for FDIC-supervised banks with 
serious BSA, anti-money laundering and antiterrorist financing program defi- 
ciencies. This allows senior Washington Office personnel to confer with regional 
staff to ensure that a consistent supervisory approach is applied on a national basis. 
In addition, the FDIC recently centralized the process for referring BSA violations 
to FinCEN which provides consistency in reporting. These centralization efforts also 
will enable the FDIC to analyze historical data internally to identify emerging 
trends and issues among FDIC-supervised banks. 

In order to provide more information to financial institutions and the general pub- 
lic, a section of the FDIC’s external website is devoted to the Bank Secrecy Act, anti- 
money laundering and counter-financing of terrorism issues. 

Improving Government and Industry Coordination 

While there has been marked improvement in information sharing among Govern- 
ment agencies in recent years, communication between Government entities and the 
banking industry could be improved. Current communication tends to be limited to 
requests for information and responses to those requests. We should also create a 
better dialogue between the industry, the regulators, and law enforcement about 
how our banking system can be used for nefarious purposes. We should continue 
to work to eliminate any barriers that exist between Government and the industry 
to foster more seamless communication about both the broader context and potential 
threats. In my view, these efforts would help us detect and deter the use of the fi- 
nancial system by criminals and terrorists. 

Conclusion 

The FDIC believes that a vigilant BSA, anti-money laundering and antiterrorist 
financing supervisory program requires that appropriate supervisory actions be 
taken to support compliance with Treasury and FDIC regulations and guidance. 
Proper supervision of banks to ensure that they maintain effective programs creates 
an environment where terrorists know that any attempt to use the American finan- 
cial system to fund their operations pose an unacceptable risk of discovery. 

The FDIC diligently enforces the BSA by establishing a comprehensive super- 
visory approach that includes conducting thorough BSA compliance examinations 
and ensuring an appropriate supervisory approach when BSA concerns exist in 
FDIC-supervised institutions. In addition, the FDIC is proactive in addressing re- 
cent changes to the BSA by incorporating those rules into examiner and industry 
guidance, providing various forms of examiner and industry training and outreach 
sessions, and assisting in global anti-money laundering and antiterrorist financing 
efforts. 

The FDIC is fully committed to preventing the use of the financial system to sup- 
port criminal or terrorist activities. Highly trained bank examiners are a major re- 
source in this fight that cannot be easily duplicated. They are in every bank in the 
country, they are able to identify suspicious relationships and transactions and they 
have the power to dig deeply into the facts when warning flags are raised. While 
the current system is not perfect, we should approach reforms carefully to ensure 
that they do not duplicate resources and expertise that already exist and do not in- 
advertently interfere with the achievement of the goals that we all share. 

This concludes my testimony. I would be happy to answer any questions and 
would like to thank the Committee for providing this opportunity to discuss the 
FDIC’s role in enforcing the Bank Secrecy Act and assisting the overall effort to 
fight money laundering and terrorist financing activity. 



67 


PREPARED STATEMENT OF JAMES E. GILLERAN 

Director, Office of Thrift Supervision 
U.S. Department of the Treasury 
June 3, 2004 

Introduction 

Good morning, Chairman Shelby, Senator Sarbanes, and Members of the Com- 
mittee. Thank you for the opportunity to testify at today’s hearing on the Bank Se- 
crecy Act (BSA), as amended by the USA PATRIOT Act. My testimony provides an 
overview of the BSA and OTS’s compliance responsibilities under the BSA and 
Home Owners’ Loan Act (HOLA), describes our work to implement the USA PA- 
TRIOT Act and strengthen oversight of the BSA, and reports on the state of thrift 
compliance with the BSA and on how OTS responds to failures and deficiencies to 
comply with the Act. My statement also explains requirements for thrifts to file sus- 
picious activity reports (SAR’s), and summarizes an ongoing GAO audit of the agen- 
cy on BSA implementation by OTS. 

OTS fully supports the goals and objectives of the BSA and the USA PATRIOT 
Act through policies, programs, and regulatory, supervisory, and enforcement initia- 
tives. We have examiners who are well trained and experienced in reviewing thrifts 
for compliance with the BSA and the USA PATRIOT Act. Our examiners know the 
institutions we regulate well and are well-positioned to identify and correct BSA 
problems. The average OTS examiner has over 16 years of experience. 

Our examiners have been using updated BSA examination procedures since Octo- 
ber of last year. We have strengthened our oversight by issuing internal guidance 
to our examiners and external guidance to the depository institutions. We have also 
developed and provided substantial new training programs for our staff over the last 
2 years, and increased the number of examiners who have been trained in BSA re- 
quirements and have developed proficiency in this area. 

The number of OTS examiners capable of conducting BSA reviews has increased 
by over 80 examiners, or by approximately 75 percent from 2001 to the present. We 
now have more than 190 examiners trained in BSA compliance issues, and we will 
continue to train staff and add expertise to our examination corps in this area in 
the coming year. We also shortened the examination cycle for BSA reviews since 
2001, from a 2 to 3 year cycle to a 12 to 18 month examination cycle, or more fre- 
quently if circumstances require. 

In addition, our field personnel communicate on a regular, on-going basis with 
OTS senior managers. Through frequent industry contact and ongoing supervision, 
OTS continually monitors industry BSA compliance efforts. We frequently consult 
with individual thrifts on their BSA compliance programs, such as reviewing 
changes in key personnel, unusual activity, or anomalous transactions that might 
warrant a field visit. 

In our experience, the most effective way to uncover BSA and USA PATRIOT Act 
deficiencies is through the ongoing examination process. Violations are usually dis- 
covered in fissures within an institution’s programs, controls or operations. Uncover- 
ing weaknesses in an institution’s BSA compliance program requires experienced ex- 
aminers who are familiar with the ongoing operations of the particular institutions 
they oversee as well as how various banking transactions are typically structured, 
industry best practices, and depository institution operations, generally. 

BSA compliance review is necessarily risk-focused — the review is tailored to con- 
sider the potential risk of money laundering or terrorist financing in different busi- 
ness lines. Our examiners have broad exposure to an institution’s entire business 
operation: Its organizational structure, business activities, normal range of trans- 
actions, risk management practices, the quality of its management, and its internal 
control environment. Our examinations and follow-up reviews enable us to monitor 
corrections and improvements in, and ongoing compliance with BSA/AML require- 
ments. Knowledge of, and familiarity with each institution’s risk profile puts OTS 
in the best position to effectively monitor the BSA compliance programs and activi- 
ties of the institutions we regulate. 

Background of the Bank Secrecy Act and Compliance Overview 

The Bank Secrecy Act (BSA), enacted in 1970, requires financial institutions to 
file certain currency and monetary instrument reports and maintain certain records 
for possible use in criminal, tax, and regulatory proceedings. The BSA’s purpose is 
to prevent financial institutions from being used as intermediaries for the transfer 
or deposit of money derived from criminal activity. Accordingly, the BSA require- 
ments result in a paper trail of the activities of money launderers serving the inter- 



68 


ests of terrorists, drug traffickers, and other elements of white collar and organized 
crime. 

Congress has amended the BSA several times over the years to strengthen its 
anti-money laundering (AML) and counter-terrorism financing purposes. The most 
recent, and perhaps most significant, set of amendments is found in Title III of the 
USA PATRIOT Act. The USA PATRIOT Act adopted strong and far-reaching re- 
quirements intended to prevent, detect, and prosecute terrorism, terrorist financing, 
and international money laundering. It has resulted in several new regulations that 
have a direct impact on a thrift’s BSA/AML compliance program. 

Since its enactment, OTS has worked vigorously and diligently to implement the 
USA PATRIOT Act. As detailed below, OTS has been actively involved in crafting 
regulations implementing various provisions of the USA PATRIOT Act, 1 and in 
issuing related guidance and examination procedures. OTS has been examining and 
working with the institutions we regulate to ensure compliance not only with the 
letter of the law, but also the spirit of its intended purpose. 

OTS’s BSA Oversight Responsibilities 

The Home Owners’ Loan Act (HOLA) authorizes OTS to require thrifts to comply 
with the BSA and provides very broad enforcement authority to compel this objec- 
tive. 2 The HOLA mandates that OTS issue regulations requiring thrifts to adopt 
BSA compliance procedures. At each examination we conduct, OTS reviews the re- 
quired procedures, documents its findings and describes any significant problems in 
the examination report. When a thrift fails to establish and maintain the required 
procedures, or fails to correct previously identified problems, our examiners and 
field supervisors are instructed to take enforcement action against the institution. 
In addition to the HOLA, we have enforcement authority under the Federal Deposit 
Insurance Act (FDIA), which also imposes AML recordkeeping requirements on 
thrifts and other insured depository institutions. 3 

To discharge our responsibilities under the HOLA and FDIA, OTS issued a BSA 
regulation that requires compliance with specific components of the BSA. 4 Our regu- 
lation also requires thrifts to comply with the Department of the Treasury’s BSA 
regulations, 5 including requirements for Customer Identification Programs (CIP’s), 
internal controls, testing for BSA compliance, and employee training on BSA/AML 
and related issues. 

OTS has also adopted a suspicious activity report (SAR) regulation that requires 
thrifts to file a SAR with FinCEN and the appropriate Federal law enforcement 
agencies when it detects a “known or suspected violation of Federal law or a sus- 
picious transaction related to a money laundering activity or a violation of the 
[BSA].” 6 These requirements are described in more detail later in this testimony. 

While OTS has broad enforcement authority to correct a deficiency or BSA viola- 
tion, choosing the appropriate supervisory response involves the careful balancing 
of a wide range of factors and the informed exercise of professional judgment and 
discretion. 

In our experience, the most effective way to resolve most BSA/AML compliance 
program deficiencies is as part of the overall examination process. We routinely re- 
quire thrifts to undertake corrective action in the course of an examination. Ad- 
dressing issues within the examination framework often results in a thrift promptly 
implementing necessary corrective action, and makes for fast and effective changes 
that we can immediately review. We believe that our examiners are in the best posi- 
tion to uncover problems with a thrift’s BSA/AML compliance program and to re- 
solve them quickly with management. The relationship between the institutions we 
regulate and our examiners is extremely constructive. 

It is our experience that most institutions appreciate the importance of BSA and 
the USA PATRIOT Act, and are committed to the concepts, goals, and objectives of 
these laws. We continue to work with thrift institutions to ensure that they have 
a strong, independent testing and verification process in place. Numbers bear out 
this contention. Since July of last year, we addressed BSA/AML compliance program 
deficiencies at 167 thrifts. Some of these deficiencies were self-reported by the insti- 
tutions, but the vast majority were identified during OTS examinations. The com- 


1 This statement references three sets of regulations. These are OTS’s BSA rule at 12 CFR 
§563.177; Treasury’s BSA regulation at 31 CFR Part 103, which applies to savings associations; 
and the interagency USA PATRIOT Act regulations, which are a part of Treasury’s BSA rule 
in Part 103, which apply to a wide range of financial institutions, including thrifts. 

2 HOLA § 5(d)(6). 

3 FDIA §21. 

4 12 CFR §563.177. 

5 12 CFR Part 103. 

6 12 CFR §563.180. 



69 


bination of self-reporting and issues identified in examinations uncovered 342 BSA 
violations at these institutions, mostly of Treasury’s BSA regulations at 31 CFR 
Part 103. In all cases, management either agreed with the examiner’s recommenda- 
tion and moved promptly to implement changes to fix the problem, or completed the 
recommended corrective action before the examination was completed. 

When the examination approach fails to resolve a BSA problem or issue, OTS can 
take enforcement action under FDIA Section 8 against a thrift and its related enti- 
ties for engaging in an unsafe or unsound practice or violating a law, regulation, 
condition imposed in writing, or written agreement. Under this authority, OTS may 
(i) issue cease-and-desist orders, (ii) issue removal, suspension, and prohibition or- 
ders, and/or (iii) impose civil money penalties. 

OTS Implementation of the USA PATRIOT Act 

Key Provisions of the USA PATRIOT Act 
OTS often, in coordination with FinCEN and the other Federal banking agencies 
(FBA’s), has participated in numerous initiatives to issue regulations, policy guid- 
ance, and examination procedures to implement the USA PATRIOT Act. For exam- 
ple, OTS issued an extensive staff summary of the USA PATRIOT Act in March 
2002. 7 This document informs institutions of the requirements of the Act and pro- 
vides information on its implementation. In particular, it discusses the USA PA- 
TRIOT Act in three sections, as follows: 

• The first section describes USA PATRIOT Act requirements that are applicable 
to all thrift institutions and that were effective immediately or in the near term, 
such as the information sharing requirements and the requirement that a finan- 
cial institution produce records relating to its BSA/AML compliance program or 
its customers within 120 hours of a request from the appropriate FBA. 

• The second section describes the new enhanced due diligence procedures for 
thrifts that engage in private banking or maintain foreign correspondent accounts. 

• The third section discusses USA PATRIOT Act provisions of general interest, such 
as the authorization for Treasury to impose special measures with respect to par- 
ticular institutions, jurisdictions, accounts, or transactions and the requirement 
that each thrift have a Customer Identification Program (CIP). 

OTS also issued a USA PATRIOT Act Update in August 2002. 8 The update in- 
cluded important guidance on the new CIP requirements, information sharing with 
law enforcement, and new due diligence requirements for foreign correspondent ac- 
counts and private banking accounts. The update noted that OTS would begin 
reviewing for compliance with the provisions when the new regulations became ef- 
fective, and urged institutions to carefully review the new regulations and their pre- 
ambles, and implement the new procedures as required. 

Customer Identification Programs 

The new CIP requirements, issued on May 9, 2003, by the Treasury Department, 
the FBA’s, the SEC, and the CFTC, set forth procedures for verifying the identity 
of anyone who opens an account, and requires institutions to maintain records to 
verify a customer’s identity, and to determine whether the customer appears on any 
list of known or suspected terrorists or terrorist organizations. An institution’s CIP 
must include risk-based procedures designed to enable the institution to form a rea- 
sonable belief that it knows the identity of its customers. OTS has been examining 
institutions for CIP compliance since the requirements went into effect on October 
1, 2003. 

Simultaneous with the issuance of the new CIP rules, OTS issued two additional 
pieces of guidance. 9 Customer Identification Programs: A Staff Summary and An- 
swers to Questions (the CIP Summary) (copy attached); and USA PATRIOT Act Pre- 
paredness Checkup: A Framework for Achieving Compliance with the New USA PA- 
TRIOT Act Regulations (the Checkup) (copy attached). 

The CIP Summary, the first guidance issued by a regulatory agency about the 
new CIP rules, alerted thrifts to the specific requirements of the new rules. The CIP 
Summary also specifies exactly what OTS is looking for when reviewing a thrift’s 
CIP, and addresses important questions about the CIP rules. 

The CIP Summary describes the types of accounts covered by the rule, who is a 
“customer” for purposes of the rules, and the specific requirements that a thrift’s 
CIP must meet. The CIP Summary also: 


7 OTS Notice: OTS Staff Summary of USA PATRIOT Act (March 20, 2002) (copy attached). 

8 Chief Executive Officer (CEO) Letter 166 (August 5, 2002) (copy attached). 

9 CEO Letter 175 (May 9, 2003) (copy attached). 



70 


• Notes the four pieces of identifying information that a thrift must obtain from a 
customer who opens a new account; 

• Indicates the methods (both documentary and nondocumentary) by which a thrift 
can verify the identifying information; 

• Discusses the recordkeeping requirements of the new rules; 

• Highlights the requirements about checking Government lists of suspected terror- 
ists or money launderers; 

• Notes that thrifts must be in compliance with the new rules beginning October 
1, 2003; and 

• Emphasizes that OTS would begin examining for compliance during all examina- 
tions beginning on or after October 1, 2003. 

The Checkup was issued the same day as the new rules and the CIP Summary. 
It remains the only checklist form of guidance about preparing for USA PATRIOT 
Act implementation issued by a regulatory agency. In the Checkup, OTS encouraged 
institutions to “ADApT” their current BSA/AML program to the new USA PATRIOT 
Act requirements: 

• Analyze their current program; 

• Develop a comprehensive BSA/AML program, which includes a CIP that address 
all of the thrift’s business lines; 

• Apply the revised program throughout the thrift’s day-to-day operations; and 

• Test the new program through internal audits and testing to ensure that the pro- 
gram is functioning as intended. 

The Checkup lists several questions a thrift should ask as it ADApTs to the new 
USA PATRIOT Act requirements. For instance, when Analyzing its current pro- 
gram, a thrift should consider, among other things, how its business operations ex- 
pose it to money laundering or terrorism financing risks. When Developing its new, 
enhanced BSA/AML program, a thrift should take a number of steps, including en- 
suring that the program addresses each of the new regulatory requirements and 
identify business operations that might require enhanced scrutiny. 

When Applying its new program, a thrift should ask itself whether staff is in- 
formed of the new requirements, whether appropriate customer identification infor- 
mation collection and verification practices are taking place, and whether private 
banking accounts and foreign correspondent accounts are being handled correctly. 
Finally, when a thrift Tests the new program, the Checkup provides a number of 
factors for the thrift to review, including ensuring that internal audits or compliance 
reviews identify shortcomings in the BSA/AML compliance program and seek 
prompt corrective action, and determining whether staff and service provider imple- 
mentation of the new regulatory requirements is keeping pace with the thrift’s oper- 
ational needs. Our examiners are instructed to explore all of these issues when 
examining an institution’s USA PATRIOT Act compliance. 

In January 2004, OTS, along with the other FBA’s, the SEC, and the CFTC, 
issued another importance piece of guidance, “frequently asked questions” (FAQ’s) 
to help explain the final CIP rule. 10 That document begins with a general descrip- 
tion of the CIP requirements and emphasizes that a bank’s CIP must include risk- 
based procedures for verifying the identity of each customer to the extent reasonable 
and practicable. The FAQ’s note that it is critical that each bank develop procedures 
to account for all relevant risks, including those presented by the types of accounts 
maintained by the bank, the various methods provided to open accounts, the type 
of identifying information available, and the bank’s size, location, and type of busi- 
ness or customer base. 

The FAQ’s also make clear that specific minimum requirements in the rule, such 
as the four basic types of information to be obtained from each customer, should be 
supplemented by risk-based verification procedures, where appropriate, to ensure 
that the bank has a reasonable belief that it knows each customer’s identity. 

The document also answers a number of common questions about the CIP rules, 
such as whether loans purchased from a car dealer are “accounts” (No) and whether 
a person who becomes a co-owner of an existing deposit account is a “customer” 
(Yes). The FAQ’s also consider whether a bank’s foreign subsidiaries are subject to 
the rule (No) and whether a bank may keep copies of documents provided to verify 
a customer’s identity even though not required to do so (Yes). The agencies are cur- 
rently working on a second set of FAQ’s on the CIP requirements, which are now 
circulating for approval at the agencies and will be issued soon. 


10 CEO Letter 188 (January 8, 2004) (copy attached). 



71 


Information Sharing 

Section 314 of the USA PATRIOT Act encourages cooperation and information 
sharing among financial institutions, regulators, and law enforcement. OTS has ac- 
tively participated in developing and implementing these requirements. 

On September 26, 2002, Treasury issued a final rule implementing the new infor- 
mation sharing requirements. In response to industry concerns about the regulatory 
burden of the requests for information, and after consulting with OTS and the other 
FBA’s, on November 26, 2002, Treasury placed a moratorium on information re- 
quests from law enforcement. Treasury subsequently streamlined the process and 
lifted the moratorium in February 2003. Since then, institutions have been respond- 
ing to requests for information from law enforcement. 

Last October, OTS alerted thrifts to new examination procedures to review thrift 
compliance with the new requirements, 11 and we incorporated the new procedures 
into our overall BSA examination procedures. Those procedures include a review of 
the institution’s procedures for promptly responding to law enforcement requests for 
information, documentation of any positive match with the requests, and copies of 
any vendor confidentiality agreements regarding services rendered pursuant to the 
requests. Examiners are also instructed to review copies of any SAR’s filed related 
to the information sharing process, as well as to review an institution’s analysis or 
documentation where a SAR was considered, but not filed. 

OTS also participates in quarterly meetings with FinCEN, the regulators, and 
representatives of law enforcement to discuss and further refine the information 
sharing process. Those meetings allow law enforcement to provide feedback to the 
regulators about how the information sharing process is working and for regulators 
to convey to law enforcement the views of financial institutions on how to improve 
the process. Items of discussion have included a breakdown of positive responses by 
type of financial institution and regulator, proposed enhancements to the various 
forms used in the process, and development of a secure, encrypted network to facili- 
tate the exchange of information between law enforcement and financial institu- 
tions. 

Foreign Shell Banks, Requests for Bank Records, and Summons Authority 

OTS has also issued specific guidance on the USA PATRIOT Act provisions ban- 
ning correspondent accounts for foreign shell banks, requiring financial institutions 
to produce records related to anti-money laundering compliance within 120 hours 
of an examiner’s request, and providing that Treasury or the Attorney General may 
issue a subpoena or summons to any foreign bank that maintains a correspondent 
account in the United States and may request the bank to produce records related 
to that account, including records maintained abroad. 

Treasury, through FinCEN and after consultation with OTS and the other FBA’s, 
issued a final rule implementing these new requirements on September 26, 2002. 
Last October, OTS alerted thrifts to the new examination procedures to review 
thrift compliance with the new requirements. 12 Under those procedures, examiners 
are to evaluate an institution’s policies and procedures for foreign correspondent ac- 
counts to determine whether they address the minimum requirements specified in 
the regulation, such as the responsible party for gathering the necessary informa- 
tion and the process for identifying foreign correspondent accounts. The procedures 
also require an examiner to, based on a risk assessment, sample foreign cor- 
respondent accounts, review the collection of requisite information and obtain any 
customer due diligence or other relevant information related to those accounts. We 
have incorporated those new procedures into our overall BSA examination proce- 
dures. 

Other Significant USA PATRIOT Act Provisions 

OTS also participates in a number of other ongoing working groups and projects 
related to specific provisions of the USA PATRIOT Act. For instance, Treasury 
consults with OTS, among others, when considering whether to impose special 
measures on a jurisdiction, institution, class of transactions, or type of account that 
the Department finds is of “primary money laundering concern.” To date, Treasury 
has imposed special measures on Nahru, Burma, and two Burmese banks, and has 
just issued a proposal to do so with regard to a bank in Syria. 

OTS has been involved in developing new regulations implementing the USA PA- 
TRIOT Act requirements that financial institutions have specific due diligence pro- 
cedures, including enhanced due diligence procedures, for correspondent accounts 
for foreign financial institutions or private banking accounts for non-U. S. persons. 


11 CEO Letter 183 (October 20, 2003) (copy attached). 
12 CEO Letter 183 (October 20, 2003) (copy attached). 



72 


On July 23, 2002, Treasury, after consulting with OTS and the other FBA’s, issued 
an interim rule imposing the Section 312 requirements on banks and thrifts. Treas- 
ury is drafting a final regulation implementing Section 312, and routinely consults 
OTS. 

Examination Procedures and Guidance 
In preparation for the October 1, 2003, compliance deadline for the new CIP re- 
quirements, OTS updated its entire BSA examination program. This revision in- 
cluded updating existing procedures and adding new sections to address specific 
USA PATRIOT Act requirements. We trained our examiners on the new procedures 
in mid-September 2003, and our examiners have been using the new procedures for 
all BSA examinations that commenced since October 1, 2003. Examiner reaction has 
been positive, with the examiners’ general perception that most institutions are tak- 
ing the necessary steps to comply with the new USA PATRIOT Act requirements. 
After extensive field testing, we are in the final stages of formally incorporating the 
new procedures in our OTS Examination Handbook. 

Under our comprehensive examination approach, many more examiners are now 
trained on conducting BSA examinations, which has expanded our capabilities im- 
mensely. We continually discuss and cover BSA and USA PATRIOT Act examina- 
tion issues at staff conferences, examiner team meetings, and examiner education 
initiatives. In addition to our September 2003 training on the new procedures, we 
have included BSA/USA PATRIOT Act discussions in our Compliance I, Compliance 
II, and Advanced Compliance examiner schools. We provided internal training on 
the new BSA/USA PATRIOT Act requirements at our National Applications Staff 
Conference in May 2003 and our National Compliance Training for Senior Manage- 
ment program in June 2003. We also provide online and CD-ROM study guides and 
training modules for our examiners. 

We actively participate in training programs and industry conferences throughout 
the country. Besides the guidance we have issued directly to institutions, we have 
participated in numerous interagency BSA/USA PATRIOT Act seminars and town 
meetings with industry representatives in all of our Regions. We also participated 
in BSA/USA PATRIOT Act discussions at various officer and director conferences, 
such as the FDIC’s Regional Directors conference, and numerous trade association 
conferences. These include conferences sponsored by America’s Community Bankers, 
the California Bankers Association, the Chicagoland Bankers Association, the Flor- 
ida Bankers Association, the Georgia Community Bankers Association, the Heart- 
land Community Bankers, the Iowa Bankers Association, Iowa Community Bankers 
and Iowa Independent Bankers Association, the Maryland Bankers Association, the 
Missouri Bankers, the North Carolina Bankers Association, the Suncoast Bankers 
Compliance Association, and the Wisconsin Community Bankers, among others. 

In implementing the new USA PATRIOT Act requirements and in examining 
thrifts for compliance under the new BSA procedures issued last October, OTS also 
has had the benefit of several recommendations made by the Treasury Department’s 
Inspector General, who conducted an audit of OTS’s enforcement actions taken for 
BSA violations. That audit report, issued September 23, 2003, and which covered 
the period January 2000 through October 2002, made certain recommendations to 
further enhance OTS’s supervisory process and data collection efforts. 

In response to these recommendations, OTS has issued both external and internal 
supplemental guidance on BSA/AML compliance programs and the enforcement of 
BSA obligations. This past March, OTS issued a regulatory bulletin that discusses 
OTS’s authority under the BSA, details the specific regulatory and statutory re- 
quirements applicable to thrift operations in this area, and sets out general enforce- 
ment guidelines that OTS will follow for violations of the regulatory and statutory 
requirements . 13 

The bulletin also lists the special factors that OTS will consider when determining 
the appropriate enforcement action for BSA/AML violations, including the following: 

• Whether the thrift has adequately corrected BSA/AML violations noted in a prior 
Report of Examination (ROE); 

• Whether the thrift’s BSA/AML compliance has deteriorated since violations were 
noted in the prior ROE, or there has been inordinate delay in making meaningful 
progress in addressing the violations; 

• Whether the violations in fact constitute, or reflect a material risk of, money laun- 
dering, terrorist financing, or structuring to avoid reporting requirements; and 


13 Regulatory Bulletin 18-6 (March 31, 2004) (copy attached). 



73 


• Whether the thrift identified the weaknesses itself through its BSA testing, audit, 
or self-evaluation efforts and the thrift has independently instituted timely and 
adequate corrective action. 

On April 5, 2004, we issued to our examiners new internal guidance elaborating 
on certain features of the regulatory bulletin. That guidance identifies specific BSA/ 
AML violations that must be noted in examination reports, unless the thrift ade- 
quately corrects the violations during the examination period. The internal guidance 
provides further instruction on when a thrift will be considered to have “adequately 
corrected” a violation. The internal guidance also specifies that all institutions, re- 
gardless of asset size, must have BSA compliance programs that address all the reg- 
ulatory requirements and are appropriate to the BSA/AML risks attributable to the 
thrift’s risk factors, operational complexity, and market circumstances. Finally, the 
internal guidance provides more detailed instructions to examiners on documenting 
BSA/AML violations in the appropriate OTS database. 

The guidance on entering BSA violations data into OTS’s new database is part 
of an ongoing, multiyear project to enhance and update our examination reporting 
database that was begun in January 2000. The update, now completed, encompasses 
all examination areas, including examination of a thrift’s BSA compliance program. 
Not only does our enhanced database enable OTS to more closely monitor a thrift’s 
compliance as well as industry trends and areas of interest, but also the data it is 
producing verifies our conviction that the most effective way to resolve deficiencies 
in a thrift’s BSA/AML compliance program is during the examination process. 

Finally, also as suggested by the Inspector General, we have enhanced our super- 
visory review of the BSA examination process. Specifically, to assure BSA violation 
data accuracy, each examiner-in-charge is now responsible for ensuring that BSA 
violations are entered into the data system correctly. This is often supplemented 
with a second level review and each region will conduct periodic quality assurance 
reviews to further ensure accurate data entry. We have drafted procedures for in- 
cluding BSA examinations and the integrity of system data entry in our ongoing 
Examination Quality Assurance reviews. Those reviews are designed to test compli- 
ance with OTS’s national standards for BSA examinations, including those dis- 
cussed in the new guidance. The initial review of examinations completed in the 
first quarter of calendar year 2004 will commence in the third quarter. 

Assessment of Thrift Compliance with the BSA; OTS Enforcement 
The effective date for the updated procedures to conduct BSA examinations, Octo- 
ber 1 of last year, coincides with the effective date for the most recent USA PA- 
TRIOT Act regulation, the CIP rules. Although we have been using these new proce- 
dures only a short time, we have received preliminary feedback from examiners and 
supervisors in the field. 

That feedback is generally positive. We believe that the thrift industry, in general, 
is complying with the BSA and USA PATRIOT Act requirements. As in most areas 
of bank supervision, however, we continue to identify areas of weakness in some 
thrift institutions. We also periodically uncover significant problems at a small num- 
ber of institutions. In these situations, we move quickly and forcefully to correct vio- 
lations. We believe that our record of risk-based supervisory response to identified 
institutional weaknesses places OTS in an excellent position for ensuring that the 
thrift industry continues to meets its BSA/AML obligations. 

We have identified some recurring problems related to basic BSA/AML require- 
ments at some smaller institutions that have fewer resources to devote to compli- 
ance issues. The problems we see in these smaller thrifts are normally the same 
types we saw even prior to the USA PATRIOT Act. They generally involve the more 
administratively intensive requirements of the BSA program elements. For example, 
some smaller thrifts have inadequate training programs or fail to conduct an annual 
audit of the BSA compliance program that is fully independent. 

Generally speaking, smaller thrifts engaged in typical mortgage lending and 
FDIC-insured deposit taking in a local community tend to be exposed to a lower risk 
of money laundering as a result of the traditional nature of their operations. They 
tend to know their customers, have geographically limited operations, offer few or 
no international banking or private banking products and services, and conduct 
more streamlined, traditional banking operations focused on narrow, longstanding 
markets (normally mortgage lending). Even small institutions, however, are not free 
from the risk of money laundering activities and our reviews take that fact into con- 
sideration. 

The BSA compliance program at a small thrift — which still should be risk-based — 
need not be as elaborate as a program at a large, international financial institution. 
While a BSA compliance program must include all regulatory components, how each 
component is satisfied can vary depending on the operational risk presented by a 



74 


particular institution’s business. We have made clear to the industry and our exam- 
iners that all thrifts, regardless of size, must have BSA compliance programs that 
address all regulatory requirements and are appropriate to the BSA risks attrib- 
utable to their operational complexity and market circumstances. 

OTS has backed up that message by issuing a number of formal enforcement or- 
ders to ensure that savings associations comply fully with the requirements of the 
BSA. For example, in October 2003, OTS issued a comprehensive cease-and-desist 
order to a savings association requiring that it develop and implement effective BSA 
and AML programs, including procedures to ensure that SAR’s and CTR’s are filed 
as required by law. OTS also fined the institution $175,000 for its past violations. 
OTS is closely monitoring the institution’s compliance with the order. 

In another example, OTS recently issued a cease-and-desist order against an insti- 
tution that had several problems with its BSA/AML compliance program. Those 
problems included failing to monitor large cash transaction activity in several com- 
mercial accounts, failing to file SAR’s, and failing to file CTR’s. Examinations also 
revealed weaknesses in the required BSA training programs. The cease-and-desist 
order required the thrift to strengthen its BSA compliance program, with particular 
attention to its CTR filing obligation and ensuring that its designated BSA officer 
had sufficient resources to perform BSA responsibilities on a day-to-day basis. 

In all, since we started using our new examination procedures last October, we 
have issued seven formal enforcement orders for BSA violations, including cease- 
and-desist orders, civil money penalties, and supervisory agreements. We also use 
the examination process to informally resolve a host of BSA/AML compliance issues. 
As I noted, since last July, we identified 167 thrifts with deficiencies in their BSA/ 
AML compliance programs — all of the institutions either agreed to implement 
changes and moved promptly to do so, or completed the recommended corrective ac- 
tion before the completion of their examination. Finally, we are actively inves- 
tigating several other possible violations of the BSA by thrifts, which may result in 
the issuance of other enforcement orders. 

Interagency Working Groups and Committees 

Cooperation with our fellow agencies is always important, and it is particularly 
crucial in the anti-money laundering context. Money laundering and the financing 
of terrorism are truly global issues, cutting across a wide range of business activi- 
ties, financial institutions, and international boundaries. The continuing fight 
against money laundering and terrorism demands coordinated, consistent efforts on 
both the national and international level. 

OTS and our Federal banking agency counterparts largely work hand-in-hand in 
this effort. I have already mentioned the number of USA PATRIOT Act-related 
working groups and regulatory projects to which OTS, as well the other Federal 
banking agencies, have contributed. Many of those projects continue, as the agen- 
cies, always in a concerted way, provide guidance and examination standards to the 
industry. A good example of such a continuing effort is the ongoing work to issue 
a second set of frequently asked questions about the Customer Identification Pro- 
gram rules. 

OTS also participates in the Bank Secrecy Act Advisory Group (BSAAG). The 
BSAAG is a unique collection of representatives from law enforcement, regulators, 
and the private sector charged with responsibility for advising the Secretary of the 
Treasury on matters relating to the administration of the BSA. With the USA PA- 
TRIOT Act’s expansion of the types of entities subject to anti-money laundering pro- 
gram requirements, the BSAAG’s membership has also recently expanded to include 
representatives from a wide variety of new industries, such as automobile dealers, 
life insurance companies, and money service businesses. 

Along with the other Federal banking agencies and representatives from a num- 
ber of law enforcement agencies, OTS is a member of the Bank Fraud Working 
Group. This forum enables participants to share information, and cooperate in iden- 
tifying individuals engaged in fraud and trends involving fraudulent activities. 

Even outside the formal working group context, cooperation between the Federal 
banking agencies on BSA/AML matters is consistent and long-standing. For in- 
stance, OTS cooperates with FinCEN and law enforcement agencies when matters 
of mutual interest are uncovered in OTS examinations or reviews. OTS and FinCEN 
have worked together to investigate and remedy BSA violations through the 
issuance of parallel enforcement actions. OTS also has frequently assisted law en- 
forcement agencies investigating possible criminal misconduct and has, on occasion, 
made its examiners available as testifying experts before grand juries. 



75 


OTS’s BSA Resources Webpage and Hotline 

To make information about the Bank Secrecy Act and USA PATRIOT Act easily 
accessible by thrifts and other interested parties, OTS maintains a page on its inter- 
net site with links to all the documents referred to in this testimony, including those 
related to CIP and other USA PATRIOT Act requirements, SAR’s, and recent an- 
nouncements. The webpage also includes links to FinCEN and to the Office of For- 
eign Asset Control (OF AC). The OTS’s BSA webpage can be accessed through OTS’s 
Internet site at www.ots.treas.gov. OTS also maintains a USA PATRIOT Act hotline 
for thrifts to call with questions about their BSA responsibilities. 

Suspicious Activity Reports (SAR’s) 

For many years, the BSA has authorized the Department of the Treasury to re- 
quire any financial institution to report suspicious transactions relevant to possible 
statutory or regulatory violations. Even before the FBA’s issued SAR regulations in 
1996, thrifts and other depository institutions were required to file criminal referral 
and suspicious transactions reports. The USA PATRIOT Act did not change the 
basic SAR requirement. 

OTS’s SAR regulations require a thrift to file a SAR when it detects a “known 
or suspected violation of F ederal law or a suspicious transaction related to a money 
laundering activity or a violation of the Bank Secrecy Act.” 14 To reduce regulatory 
burden on filers, depository institutions, and other filers submit SAR’s only to an 
IRS data center that maintains a unified SAR database on behalf of FinCEN and 
the FBA’s. FinCEN presently is testing a system to permit direct, secure on-line fil- 
ing of SAR’s. Currently, some filers still submit paper reports. Others deliver infor- 
mation electronically on tape or disk, which delays its inclusion in the database by 
approximately 1 month. When fully implemented, electronic filing will greatly im- 
prove the usefulness of the SAR database for regulators and law enforcement agen- 
cies. 

Because the SAR database contains highly confidential information of known or 
suspected criminal activities, on-line access is restricted to the FBA’s, certain other 
state and Federal agencies, and to law enforcement agencies, such as the FBI and 
the Secret Service. Banks and thrifts may not disclose a SAR or its contents, and 
the banking agencies do not share SAR information with non-SAR users. 

From 1996 through 2003, financial institutions filed nearly 1.3 million SAR’s. 
SAR’s related to thrifts account for less than 10 percent of all SAR’s. The total num- 
ber of SAR’s filed each year has grown significantly. For the 9 months of 1996 after 
the SAR requirements took effect, there were 52,069 SAR’s filed. For 2003, this had 
grown to 288,343. Nearly half of all SAR’s filed since 1996 have related to BSA and 
money laundering violations. Check fraud is a distant second, with nearly 12 per- 
cent. 

OTS staff members review SAR’s each month for possible enforcement action and 
to coordinate with law enforcement investigations. In addition, in preparing to con- 
duct a periodic examination of a thrift, examiners review the SAR’s that relate to 
the thrift, and during the examination determine whether there is an ongoing prob- 
lem that must be addressed. 

SAR’s are valuable tools. For instance, information in SAR’s allows FinCEN to 
identify emerging trends and patterns associated with financial crimes, which is 
vital to law enforcement agencies and provides valuable feedback to regulators and 
financial institutions. Here at OTS, information in thrift-filed SAR’s has resulted in 
a number of enforcement orders, including cease and order orders and prohibition 
orders. 

General Accounting Office Review 

The General Accounting Office (GAO) has recently initiated two new reviews in 
this area. One involves a review of the implementation of the anti-money laundering 
provisions of the USA PATRIOT Act by the banking agencies and others. GAO spe- 
cifically plans to review (i) the status of implementing the customer identification 
program and information sharing provisions, (ii) agency procedures for assessing 
compliance and enforcement, (iii) efforts to educate the industry about the new regu- 
lations, and (iv) the extent to which the agencies have revised and applied examina- 
tion guidance. 

The other review relates to BSA examinations and enforcement for depository in- 
stitutions. GAO intends to study (i) how the banking agencies audit for BSA compli- 
ance, (ii) the number and nature of BSA violations since the late 1990’s, (iii) how 
BSA violations are identified and addressed, (iv) consistency of BSA examinations, 
interpretation, and enforcement across the agencies, (v) the adequacy of the agen- 


14 12 CFR §563.180. 



76 


ties’ resources for BSA examinations and the new USA PATRIOT Act requirements, 
and (vi) the role of the Treasury Department in the agencies’ examination programs 
and enforcement efforts. 

Much of this testimony addresses what OTS has accomplished in the areas to be 
covered by the GAO reviews. We are working to provide GAO with the preliminary 
information they have requested and look forward to assisting them in their efforts 
in any way we can. 

OTS Recommendations to Enhance Existing BSA/USA PATRIOT Act Efforts 

We have identified several areas for consideration that we believe would enhance 
the existing BSA and USA PATRIOT Act efforts and initiatives. These are: 

• Establishing better communications among the FBA’s, FinCEN, the banking in- 
dustry and law enforcement, particularly with respect to systemic BSA violations 
and developing trends. We encourage such exchanges of information through sev- 
eral means, including advisories, guidance, meetings and personal communica- 
tions. 

• Enhancing the flow of information between law enforcement and depository insti- 
tutions. The information sharing process should be a two-way street. In order to 
review account records that might relate to terrorist financing, financial institu- 
tions need as much identifying information as law enforcement can provide. 
Additonally, law enforcement needs responses to its inquiries as quickly as pos- 
sible from depository institutions. The FBA’s can substantially assist in facili- 
tating the collection and exchange of this vital information. 

• Improving FBA coordination and BSA/AML awareness and training via a more 
formalized procedure within the Federal Financial Institutions Examination 
Council (FFIEC). This includes improving communications among the FBA’s and 
FinCEN regarding known schemes to evade BSA/AML laws, as well as having 
FinCEN supplement BSA training programs within the FFIEC so that all the 
FBA’s and FinCEN are consistent in the application of BSA/AML standards. 

Conclusion 

We have always taken our responsibility to oversee compliance with the BSA seri- 
ously. The original focus of the BSA was to prevent criminal money laundering ac- 
tivities. Since the events of September 11, 2001, and the enactment of the USA PA- 
TRIOT Act, the focus of the BSA has expanded to include the war against terrorism. 

OTS has redoubled its efforts under the BSA and the new USA PATRIOT Act re- 
quirements. We have: 

• Helped educate the thrift industry through a variety of mechanisms; 

• Provided additional training for staff; 

• Greatly expanded the number of examiners who are reviewing BSA and USA PA- 
TRIOT Act compliance on an on-going basis; 

• Halved the interval between BSA examinations; 

• Developed and implemented enhanced scoping and examination procedures; 

• Implemented a new BSA tracking and monitoring information system; 

• Improved internal controls governing data collection, examination, and enforce- 
ment activities; 

• Bolstered off-site BSA monitoring programs; 

• Adopted more robust and stringent enforcement policies; 

• Implemented a new BSA Quality Assurance audit program; and 

• Improved internal communications and external communications and coordination 
with other regulatory agencies, Treasury, and law enforcement. 

These actions collectively demonstrate our vigorous and diligent efforts to ensure 
maximum compliance with the intent and purpose of both the BSA and the USA 
PATRIOT Act. There is still more to be done. We pledge our continued efforts, look 
forward to your observations on these issues and await your questions. 


PREPARED STATEMENT OF JOANN M. JOHNSON 

Chairman, National Credit Union Administration 
June 3, 2004 

Chairman Shelby, Ranking Member Sarbanes, and Members of the Committee, 
thank you for the invitation to testify before you on behalf of the National Credit 
Union Administration (NCUA) on the enforcement of the Bank Secrecy Act (BSA). 

Congress enacted the BSA to prevent credit unions and other financial institu- 
tions from being used as intermediaries for the transfer or deposit of money derived 



77 


from criminal activity. NCUA is the regulatory authority that monitors federally in- 
sured credit unions for compliance with the BSA. 

Supervision of BSA Compliance in the Credit Union Industry 

I am pleased to report to the Committee that historically federally insured credit 
unions have a good record of compliance with the requirements of the BSA. Credit 
unions are also substantially in compliance with Sections 314 (Information Sharing) 
and 326 (Customer Identification Program) of the USA PATRIOT Act. 

At the end of 2003, NCUA insured 9,399 credit unions. Almost 50 percent of fed- 
erally insured credit unions are small with assets less than 10 million dollars. The 
smaller credit unions are less likely to have transactions that trigger the record- 
keeping and recording requirements of the BSA. Additionally, approximately one- 
third of Federal credit unions have a single common bond sponsor. Officials in 
smaller credit unions and single common bond credit unions often have a more inti- 
mate understanding of their members’ transactions, which facilitates their compli- 
ance with the requirements of the BSA. Consequently, money laundering has not 
been a major problem for credit unions. 

Nevertheless, much has changed since the terrorist attacks of September 11. 
There is increased recognition that denying terrorists the ability to launder funds 
through the Nation’s financial system is an essential part of winning the war on 
terrorism. NCUA recognizes that as some federally insured credit unions increase 
in asset size, offer more complex financial services, and expand their fields of mem- 
bership, the possibility increases that they may be targeted by individuals or groups 
seeking to launder money. NCUA is mindful of our responsibility in this area. 

The Federal Credit Union Act requires NCUA to assure BSA compliance in feder- 
ally insured credit unions. Our responsibility is to ensure that all federally insured 
credit unions comply with applicable regulatory requirements and have effective 
programs in place to minimize the risk that they will be used to launder money. 
Federally insured credit unions are required to have BSA compliance programs that 
effectively monitor their daily operations to assure compliance with all applicable 
rules and regulations. 

To assure compliance, during each examination of a federally insured credit 
union, examiners review BSA compliance programs. In fact, the risk-focused exam- 
ination program used by NCUA examiners and State credit union examiners directs 
that a review of compliance with the BSA be completed at every examination. (In 
the one State that does not use NCUA’s risk-focused examination program, their ex- 
amination program directs a comparable review of BSA compliance.) While this re- 
view is mandated by the Federal Credit Union Act, the design of the review and 
our extensive examiner education in this area result from NCUA’s recognition of the 
important role of credit unions in preventing both money laundering and the financ- 
ing of terrorism. 

In addition to NCUA’s risk-focused examination program, NCUA has jointly par- 
ticipated with our fellow regulators and the Financial Crimes Enforcement Network 
(FinCEN) on a number of regulations designed to implement provisions of the USA 
PATRIOT Act. Also, NCUA is represented on the Bank Secrecy Act Advisory Group 
and the National Bank Fraud Working Group. And, as a member of the Federal Fi- 
nancial Institutions Examination Council (FFIEC), we work with other regulators 
to develop effective examiner education in this area and provide guidance on best 
practices to financial institutions. 

Among the 9,369 natural person credit unions, 3,593 are State-chartered, feder- 
ally insured institutions and have a State supervisory authority as their primary 
regulator. In accordance with its responsibility under the Federal Credit Union Act, 
NCUA reviews BSA compliance each time it conducts a credit union examination. 
In State-chartered, federally insured credit unions where the State regulator con- 
ducts the examination, the State examiner reviews for BSA compliance. All exami- 
nations of federally insured credit unions completed by a state regulator are re- 
viewed by NCUA staff. It should be noted, however, that NCUA does not review ex- 
aminations of privately insured credit unions and does not have enforcement au- 
thority for BSA compliance in those credit unions. 

During examinations, NCUA reviews the federally insured credit union’s oper- 
ations to assure that policies and procedures are in place for credit union staff to 
file Suspicious Activity Reports (SAR’s) relating to money laundering. Consolidated 
reports received from FinCEN concerning SAR filings are provided to NCUA re- 
gional staff and examiners to assist in the examination process of the BSA. 

In 2003, NCUA examined over 4,400 Federal credit unions and jointly partici- 
pated with the State regulators in over 600 examinations of state-chartered feder- 
ally insured credit unions. In addition, State regulators examined approximately 
2,500 federally insured credit unions. During those examinations, NCUA deter- 



78 


mined that there were 334 violations of the BSA. The violations were in 261 credit 
unions, representing 3.5 percent of credit unions examined. The most common viola- 
tions fell into three categories — inadequate written policy (63 percent), inadequate 
customer identification program (8 percent), or inadequate currency transaction re- 
porting procedures (7 percent). 

When an examiner identifies a violation of the BSA, immediate resolution of the 
violation is sought. Of the 334 violations, credit union officials, working with an ex- 
aminer, corrected or agreed to correct 99 percent of the violations during the on- 
site examination. Based on the severity of the violation, the examiner will establish 
supervision plans to ensure corrective action. 

In instances when violations at a federally insured credit union persist and/or are 
severe, NCUA has several options to initiate corrective action. They range from a 
letter from the NCUA Regional Director to formal administrative action including 
conservatorship. During 2003, NCUA Regional Directors issued one letter to a credit 
union that failed to have a BSA compliance program and entered into one Letter 
of Understanding and Agreement with credit union officials to ensure resolution of 
a multitude of problems from a failure to understand requirements of the BSA. 

NCUA will use a formal administrative action when necessary to correct BSA vio- 
lations. This has occurred twice in the recent past. NCUA placed one institution into 
conservatorship and issued a cease-and-desist order against another. The first in- 
stance involved a credit union with multiple violations; NCUA placed the institution 
into conservatorship, removing the board of directors and senior operational man- 
agement. NCUA then installed new management to correct deficiencies in internal 
controls and compliance programs. When systemic problems had been corrected, 
NCUA entered into a written agreement with the credit union committing the insti- 
tution to a rigorous compliance program. Approximately 10 months after imposing 
the conservatorship, NCUA returned operations of the credit union to its members. 

In the other instance, NCUA issued a cease-and-desist order to correct deficiencies 
in a credit union’s BSA program. NCUA required a review of past transactions 
using an acceptable independent auditor and a commitment to file appropriate docu- 
mentation regarding discovered violations. The credit union also agreed to retain a 
BSA compliance expert to evaluate its BSA program and to provide weekly edu- 
cation to all its employees in this area. 

NCUA Initiatives 

The enforcement of the BSA and its related rules has been and remains a priority 
for NCUA. NCUA has taken numerous initiatives to address BSA compliance in 
credit unions. These initiatives fall into the following general categories: 

• Examination Program 

• Examiner Education 

• Compliance Examiners 

• Credit Union Education 

NCUA adopted a risk-focused examination program in 2002. Under this program, 
each credit union’s examination is based on the examiner’s analysis of risk for that 
particular institution. There are three mandatory procedures in the risk-focused 
examination program, one of which is the completion of the questionnaire on compli- 
ance with the BSA. The mandatory questionnaire was updated last year to incor- 
porate recent provisions of the USA PATRIOT Act. 

NCUA educated all Federal examiners (approximately 600) for the implementa- 
tion of the risk-focused examination and provided a specific session on BSA compli- 
ance. Additionally, BSA compliance is addressed in core training for all NCUA 
examiners. State examiners also attend NCUA compliance training sessions. 

NCUA participates with the other FFIEC agencies in developing and delivering 
training in this area. We have worked with our fellow regulators to develop guid- 
ance for the industry in implementing new USA PATRIOT Act regulations. 

The NCUA Examiner’s Guide provides examiners with guidance in their review 
of a federally insured credit union’s compliance with the BSA. To ensure a field 
focus on compliance with the USA PATRIOT Act, an updated version of the Exam- 
iner’s Guide and the BSA questionnaire incorporating recent regulatory changes 
was issued to staff. 

In conjunction with the implementation of the risk-focused examination, NCUA 
has designated almost 30 compliance subject matter examiners. These examiners 
are called upon to assist in the examination of federally insured credit unions that 
exhibit a more complex operation or higher risk in compliance areas. Intensive 
training on the BSA (including the USA PATRIOT Act) was conducted at NCUA’s 
November 2003 Consumer Compliance Conference. Both Federal and state exam- 



79 


iners attended the class. In 2002, we also provided a day-long session on the BSA 
for the compliance examiners. 

In addition to on-site reviews of BSA compliance during examinations, NCUA has 
issued several publications to educate federally insured credit unions on BSA and 
USA PATRIOT Act compliance: 

• October 2001 — Issued Letter to Credit Unions, 01-CU-18, NCUA Request Relat- 
ing to Information Pertaining to the Terrorist Attacks 

• April 2002 — Issued Regulatory Alert 02-RA-02, USA PATRIOT Act Regulation to 
Improve Information Sharing 

• September 2002 — Issued Letter to Credit Unions 02-CU-14, Detection of Ter- 
rorist Financing 

• March 2003 — Issued Regulatory Alert 03-RA-03, USA PATRIOT Act Section 
314(a) Information Requests 

• May 2003 — Issued Regulatory Alert 03-RA-07, Final USA PATRIOT Act Regula- 
tions on Customer (Member) Identification 

• October 2003 — Issued Letter to Credit Unions 03-CU-16, Bank Secrecy Act Com- 
pliance 

• February 2004 — Issued Regulatory Alert 04-RA-04, USA PATRIOT Act Section 
326: FAQ’s for Customer Identification Program (CIP) and Enclosure 

Currently, NCUA is finalizing an update to its Compliance Self-Assessment Guide 
designed to assist federally insured credit unions in complying with regulations. 
With our focus on the BSA and USA PATRIOT Act, in October 2003 we issued this 
draft section to credit unions (attached). The guide highlights key requirements of 
the BSA and can be used as a quick reference tool for federally insured credit 
unions. 

Working with federally insured credit unions to ensure accurate point of contact 
information for Section 314 requests of the USA PATRIOT Act, NCUA revised its 
quarterly Call Report to capture point of contact information in March 2003. All 
credit unions must provide point of contact information each quarter. 

NCUA’s website ( www.ncua.gov ) is designed to provide easy access for federally 
insured credit unions to obtain a SAR form along with information on the proper 
filing of the form. This facilitates the ability of a credit union to file prompt reports. 

Looking forward, NCUA is committed to maintaining a dynamic examination pro- 
gram that will assure federally insured credit unions have effective programs in 
place to minimize the risk of money laundering. NCUA will continue to provide 
guidance to federally insured credit unions regarding compliance with the BSA. 

Conclusion 

Again, thank you, Mr. Chairman, for the opportunity to appear before you today 
on behalf of NCUA to discuss BSA compliance in the credit union industry. I am 
pleased to respond to any questions the Committee may have or to be a source of 
any additional information you may require. 


PREPARED STATEME N T OF WILLIAM J. FOX 

Director, Financial Crimes Enforcement Network 
U.S. Department of the Treasury 
June 3, 2004 

Chairman Shelby, Senator Sarbanes, and members of the Committee, I appreciate 
the opportunity to appear before you to discuss the role that the Financial Crimes 
Enforcement Network (FinCEN) can and should play in Bank Secrecy Act compli- 
ance and enforcement matters. As I noted the last time I appeared before this Com- 
mittee, we are indebted to the Committee for its leadership and commitment to 
furthering the efforts of our Government generally, and FinCEN in particular, to 
understand, detect and prevent money laundering and terrorist financing through 
the administration of the Bank Secrecy Act regulatory regime. 

As the delegated administrator of the Bank Secrecy Act, FinCEN bears responsi- 
bility for ensuring that it is implemented to achieve the ultimate goals of the Act — 
the institution of measures across the financial industry to prevent money laun- 
dering, terrorist financing and other financial crime, and the creation of records and 
reports highly useful to criminal, tax, regulatory, and counter-terrorism intelligence 
activities. While we eagerly accept this responsibility, we discharge it in large meas- 
ure through the Federal functional regulators and the Internal Revenue Service, 
who have been delegated responsibility to examine for Bank Secrecy Act compliance. 



80 


The Bank Secrecy Act regulatory system is unique in that its implementation in- 
volves 8 different Federal agencies. This unusual structure is both the Bank Secrecy 
Act’s strength and its weakness. It is a strength because it builds on the existing 
expertise and examination functions of the regulators who know their industries 
best. It is a weakness because of the risk inherent in such fragmentation and poten- 
tial for lack of accountability. 

Within this structure, FinCEN’s task is to build on these strengths while simulta- 
neously addressing the weaknesses. FinCEN, as the fulcrum must ensure that all 
those responsible are guided by the same interpretive principles and apply them in 
a consistent manner through a continuing dialogue among the regulators, the regu- 
lated industry, and law enforcement. 

My statement today outlines our role in this process and highlights the ways in 
which I think we can improve this process. 

Background 

By virtue of a delegation order from the Secretary of the Treasury and a statute 
passed as part of the USA PATRIOT Act, FinCEN is charged with the responsibility 
of administering the regulatory regime of the Bank Secrecy Act. Among other 
things, we issue regulations and accompanying interpretive guidance; collect, ana- 
lyze and maintain the reports and information filed by financial institutions under 
the Bank Secrecy Act; make those reports and information available to law enforce- 
ment and regulators; and ensure financial institution compliance with the regula- 
tions through enforcement actions aimed at applying the regulations in consistent 
manner across the financial services industry. FinCEN also plays an important role 
in analyzing the Bank Secrecy Act information collected to support law enforcement, 
identifying strategic money laundering and terrorist financing trends and patterns, 
and identifying Bank Secrecy Act compliance issues. 

FinCEN was created as an office within Treasury in 1990. Its original mission 
was focused on analysis — both tactical and strategic — of data collected under the 
Bank Secrecy Act along with other financial data. Treasury’s Office of Financial En- 
forcement (OFE) was originally responsible for the administration of the Bank 
Secrecy Act regulatory regime. In 1994, Treasury merged OFE into FinCEN and 
delegated the responsibility to administer the regulatory regime to FinCEN. Treas- 
ury sought to link the analytical functions with the administration of the regulatory 
regime that dictated the information that financial institutions were required to 
record and report. Adding responsibilities for administering the regulatory regime 
strengthened and expanded FinCEN’s analytical and intelligence abilities. 

Compliance Examination 

While FinCEN is responsible for ensuring compliance with the Bank Secrecy Act 
regulatory regime, FinCEN does not itself examine financial institutions for compli- 
ance. Instead, FinCEN taps the resources and expertise of other Federal agencies 
and self-regulatory organizations by relying on these agencies to conduct compliance 
exams, through delegations of authority that largely predated FinCEN. Examination 
responsibility has been delegated to other Federal regulators as follows: 

• Depository Institutions — The Board of Governors of the Federal Reserve, the 
Office of the Comptroller of the Currency, the Federal Deposit Insurance Corpora- 
tion, the Office of Thrift Supervision, and the National Credit Union Administra- 
tion have been delegated authority to examine the depository institutions they 
regulate for Bank Secrecy Act compliance. 

• Securities Broker-Dealers, Mutual Funds, and Futures Commission Merchants/In- 
troducing Brokers — FinCEN has delegated examination authority to the Securi- 
ties and Exchange Commission and the Commodity Futures Trading Commission, 
and relies on their self-regulatory agencies (such as the NASD, the NYSE, and 
the NFA) to examine these entities for compliance. 

• Other Financial Institutions — The Internal Revenue Service (Small Business/Self- 
Employed Division) has been delegated responsibility for examining all other 
financial institutions subject to Bank Secrecy Act regulation for compliance, in- 
cluding, for example, depository institutions with no Federal regulator, casinos, 
and Money Services Businesses (MSBs). 

Even in the absence of examiners, FinCEN has an important role in supporting 
the examination regime created through our delegations. FinCEN’s role involves 
providing prompt Bank Secrecy Act interpretive guidance to regulators, policy mak- 
ers and the financial services industry, and ensuring the consistent application of 
the Bank Secrecy Act regulations across industry lines, most notably through the 
rulemaking process and subsequent guidance. We promote Bank Secrecy Act compli- 
ance by all financial institutions through training, education and outreach. We sup- 
port the examination functions performed by the other agencies by providing them 



81 


access to information filed by financial institutions in suspicious activity reports, 
currency transaction reports, and other Bank Secrecy Act reports. We also facilitate 
cooperation and the sharing of information among the various financial institution 
regulators to enhance the effectiveness of Bank Secrecy Act examination and, ulti- 
mately, industry compliance. 

FinCEN has played a more robust role with the Internal Revenue Service to de- 
velop an examination regime for the many categories of businesses that are newly 
subject to anti-money laundering regulation. For example, we have worked exten- 
sively with the Internal Revenue Service to improve their examination procedures 
and capabilities for money services businesses, 1 including providing training, re- 
viewing exam procedures and the setting of priorities and goals. Finally, although 
done only to a limited extent now, we do provide some assistance with examination 
targeting and prioritization. 

Enforcement 

FinCEN has retained the authority to pursue civil enforcement actions against fi- 
nancial institutions for noncompliance with the Bank Secrecy Act and the imple- 
menting regulations. Under the Bank Secrecy Act, FinCEN is empowered to assess 
civil monetary penalties against, or require corrective action by, a financial institu- 
tion committing negligent or willful violations. 

Generally, FinCEN identifies potential enforcement cases through (1) referrals 
from the agencies examining for Bank Secrecy Act compliance; (2) self-disclosures 
by financial institutions; and, (3) FinCEN’s own inquiry to the extent it becomes 
aware of possible violations. Referrals from the examining agencies are regularly 
made to FinCEN. It should be noted that under Title 12, the banking regulators 
have authority to enforce certain regulations that fall under that statute as well as 
under the Bank Secrecy Act, such as the requirement that depository institutions 
have anti-money laundering programs. In addition, the Internal Revenue Service 
has authority to enforce certain Bank Secrecy Act requirements including the IRS/ 
FinCEN Form 8300 reporting for nonfinancial trades and businesses, and the Re- 
port of Foreign Bank and Financial Accounts by individual and entities. 

Efforts to Enhance Bank Secrecy Act Compliance 

Much of our work within FinCEN is devoted to the goal of maximizing industry 
compliance with the Bank Secrecy Act regulatory regime. But as the complexity of 
the regulatory regime, and the obligations imposed, continue to grow, our efforts 
must grow as well. Below, my statement outlines my priorities within FinCEN, in 
the short-term, to better enable us to assist the regulators in the examination proc- 
ess and further enhance our own capabilities to enforce the regulatory regime. I also 
have included a few ideas to consider as we look for ways to further enhance Bank 
Secrecy Act compliance and examination consistency. 

Short-Term Goals 

As I have explained previously, we are in the process of realigning FinCEN to po- 
sition ourselves to better fulfill our mission. As part of this, we will be restructuring 
our regulatory section to focus resources and create efficiencies around the functions 
of Bank Secrecy Act examination and enforcement: 

Creation of an Examination Program Office 

Within FinCEN’s regulatory office, we will create a new program office devoted 
solely to the Bank Secrecy Act examination function. Currently, the affected sub- 
stantive program area handles examination related issues on an ad-hoc basis. For 
example, individuals responsible for the Money Services Business program have 
taken a primary role in working with the Internal Revenue Service to develop and 
enhance their examination regime. The new structure will consolidate all examina- 
tion support functions and better enable FinCEN to provide the necessary support 
to regulatory agencies conducting Bank Secrecy Act compliance exams. As an initial 
priority, FinCEN plans to focus on assisting the Internal Revenue Service in its ex- 
amination function, particularly in light of the new regulations that FinCEN has 
and will issue to bring thousands of additional businesses under the Bank Secrecy 
Act anti-money laundering program provision. 


1 Under the Bank Secrecy Act and FinCEN’s implementing regulations, any person or group 
of persons doing business in the United States in one of the following capacities is defined as 
a money services business (MSB): currency dealers or exchangers; check cashers; issuers, sellers, 
or redeemers of travelers’ checks, money orders, or stored value; and money transmitters. 



82 


Dedication of Analytical Resources to Compliance Support and Examination 
Targeting 

We will also be providing specific analytical support to our Examination Office. 
Our analysts will exploit the Bank Secrecy Act and other data to identify, review 
and, through the Examination Office, refer anomalies involving specific financial in- 
stitutions to the appropriate regulator for review and examination. They will use 
the information to assist the regulators in examination targeting by identifying 
high-risk financial institutions or problem compliance areas to help the regulators 
prioritize and direct examination resources. The analysts will also work toward 
identifying new and emerging vulnerabilities that should be addressed through the 
examination process. We intend to work closely with the regulators in this process. 

Renewed Focus and Resources to Provide Interpretive Guidance 

As the complexity of the Bank Secrecy Act regulatory regime grows, so does the 
need for interpretive guidance. As part of our reorganization, we are placing a re- 
newed focus and resource commitment on the provision of guidance, both in the 
form of more comprehensive guidance documents as well as more immediate re- 
sponses to specific inquiries. With respect to the former, we intend to begin the proc- 
ess of issuing staff commentaries to the various provisions of the Bank Secrecy Act. 
This will involve close consultation with the regulators. Separately, we look to lever- 
age existing and develop additional industry experts to provide prompt guidance to 
specific questions as they arise, especially during the course of an examination. This 
will also require our working with the regulators to ensure that they know what 
mechanisms are available through which such guidance can be obtained. 

Review Enforcement Referral Guidelines and Reporting Requirements 

To improve the Bank Secrecy Act civil enforcement process, FinCEN intends to 
review the utility of developing updated guidelines to assist the Federal banking 
agencies, Internal Revenue Service and other agencies, as appropriate, in deter- 
mining bow and when to refer matters involving significant, alleged violations of the 
Bank Secrecy Act to FinCEN for consideration of civil money penalties. Currently, 
upon discovery of significant Bank Secrecy Act deficiencies during examination cy- 
cles, the Federal banking agencies, Internal Revenue Service and the Securities and 
Exchange Commission rely on a memo predating the creation of FinCEN on such 
matters. If appropriate, we will work closely with the regulators to revise these 
guidelines. 

In addition, the regulations delegating Bank Secrecy Act examination authority 
to the banking regulators provide that periodic reports shall be made, in a form and 
timeframe prescribed by Treasury. By memorandum, dated June 6, 1979, Treasury 
prescribed the form and timing of the periodic reports to be received from the bank- 
ing regulators, including the number of apparent Bank Secrecy Act violations dis- 
covered during the examination process. However, since its inception such reporting 
has been sporadic and it has not proved helpful. As a result, FinCEN plans on re- 
viewing the utility of receiving periodic reports, in a mutually agreed to format, to 
better enable FinCEN to review Bank Secrecy Act compliance and examination find- 
ings on a national basis across agency lines; such as, for example, reporting of reme- 
dial actions undertaken by financial institutions as a result of consent orders, 
memorandum of understanding, board resolution, supervisory letter, or other en- 
forcement mechanisms. 

MSB Compliance 

A top priority for FinCEN is the prevention of the financing of terrorism. One as- 
pect of achieving this goal is finding better ways to provide information to the regu- 
lated community to better identify potential terrorist activity. One area of particular 
focus in this regard will be money services businesses. Money services businesses 
continue to require more attention and resources, and FinCEN will undertake an 
initiative to educate segments of this industry most vulnerable to terrorist abuse of 
their financial services. These segments include small businesses that typically offer 
money remittance services, check cashing, money orders sales, and informal value 
transfer systems. Working with our colleagues in law enforcement, we hope to en- 
hance our outreach programs to include training on how terrorists have and may 
continue to use money services businesses; the reason for and importance of the reg- 
istration requirement; and the importance of complying with the anti-money laun- 
dering compliance program, reporting and recordkeeping requirements of the Bank 
Secrecy Act, especially suspicious activity reporting. In fact, suspicious activity re- 
porting for money services businesses should be streamlined by permitting the use 
of a simplified form to file, which we are currently developing. 



83 


Ideas for Enhanced Coordination 

Coordination among the regulators, industry, and law enforcement is the lynchpin 
of effective Bank Secrecy Act compliance. Since the passage of the USA PATRIOT 
Act, cooperation has only improved. On our side, we have developed a much closer 
working and collaborative relationship with the regulators on all aspects of Bank 
Secrecy Act administration. This has been reflected in the process of developing the 
new regulations, conducting outreach and training for the industry, and focusing on 
specific compliance issues. Indeed, provisions of the Act such as the customer identi- 
fication section required that FinCEN and the regulators issue regulations jointly. 

With respect to examinations, last month the Bank Secrecy Act Advisory Group 
formed a subcommittee devoted to identifying ways to better ensure examination 
consistency among the various regulatory agencies and industries. Representatives 
from industry, the regulatory agencies, and law enforcement will participate. This 
subcommittee is yet another vehicle through which FinCEN and the regulators can 
address the range of examination issues with the common goal of enhancing compli- 
ance on a national basis. 

In this context and elsewhere, we will all have to identify creative ways to facili- 
tate continued cooperation. Some ideas that I hope to explore with my colleagues 
include: 

Identification of Common Compliance Deficiencies 

Better identification of compliance issues revealed through the examination proc- 
ess on an interagency scale is an essential aspect of enhancing the overall effective- 
ness of the Bank Secrecy Act regulatory regime. FinCEN could serve a key role in 
facilitating that process by encouraging the regular sharing of common compliance 
deficiencies uncovered by the regulators. Summaries of deficiencies identified in fi- 
nancial institutions will expose areas to be addressed, interpretive questions to be 
answered, or even inconsistencies with the regulations themselves. Based on this 
information, FinCEN and the regulators would be able to focus its outreach and 
guidance efforts on emerging, possibly systemic problem areas affecting one or more 
financial industries. Similarly, regulators would be able to better focus their exam- 
ination resources on such areas. This data would also enhance the ability of FinCEN 
and the regulators to target their examinations and develop strategic examination 
goals across industry lines. 

Continued Collaboration on Examination Procedures 

To varying degrees, FinCEN has provided input into the development of examina- 
tion procedures for the banking regulators and the Internal Revenue Service. In 
fact, FinCEN is working with Internal Revenue Service now to revise its Bank Se- 
crecy Act Examination Manual, which guides the conduct of Bank Secrecy Act ex- 
aminations and is used as a training template for Bank Secrecy Act examiners. This 
is an important way in which FinCEN can communicate our examination priorities 
to the regulators and better ensure a consistent examination process by the various 
agencies. We have also begun to participate on a limited scale, resources permitting, 
as observers in exams performed by our regulatory partners. 

Joint Examiner Training 

As a complement to the established mechanisms through which the regulators 
train their examiners, we will explore joint training opportunities that will afford 
FinCEN the opportunity to supplement the training provided with programs specifi- 
cally targeted toward our Bank Secrecy Act compliance goals, including the possi- 
bility of our participating in multiagency anti-money laundering training at the 
Federal Financial Institution Examination Counsel. 

We have done such training already. For example, FinCEN has conducted joint 
training of Internal Revenue Service examiners on various Title 31 and USA PA- 
TRIOT Act requirements in recent IRS Examiner training classes. FinCEN also will 
be conducting training at an upcoming meeting of Internal Revenue Service super- 
visory level personnel who have Bank Secrecy Act examination responsibility. By 
training at tbe supervisory level (training-the-trainer), FinCEN can leverage its lim- 
ited resources to belp ensure that IRS Bank Secrecy Act supervisory personnel de- 
liver the appropriate message concerning the content of Bank Secrecy Act exams to 
the Internal Revenue Service field exam staff. 

Conclusion 

Mr. Chairman, we appreciate your Committee’s continued support in our efforts 
to ensure the effectiveness of Bank Secrecy Act examination and enforcement pro- 
grams. This concludes my remarks. I will be happy to answer your questions. 



84 


PREPARED STATEMENT OF GASTON L. GIANNI, JR. 

Inspector General, Federal Deposit Insurance Corporation 

June 3, 2004 

Mr. Chairman, Ranking Member Sarbanes, and Members of the Committee, I am 
pleased to testify before you today as you conduct this hearing on the Federal finan- 
cial regulatory agencies’ enforcement of the Bank Secrecy Act (BSA). We appreciate 
and thank the Committee for its interest in gaining a greater understanding of how 
the Government is combating terrorist financing and money laundering. The Com- 
mittee, the regulators, and our office clearly have a mutual interest in assuring the 
public that the best possible efforts are made to deter such dangerous and illegal 
activities. 

Today, I will present a historical perspective on the Bank Secrecy Act and discuss 
the BSA-related work my office has done over the past several years. I will also offer 
our views on the challenges that the Congress and the financial regulators face 
going forward in this critical area. 

The Bank Secrecy Act of 1970 

The Bank Secrecy Act of 1970 requires all financial institutions to maintain ap- 
propriate records and to file certain reports that are used in criminal, tax, or regu- 
latory investigations and proceedings. The BSA’s implementing regulation, 31 CFR 
Part 103, is also used to aid law enforcement agencies in the investigation of sus- 
pected criminal activity such as illegal drug activities, income tax evasion, and 
money laundering by organized crime. The BSA consists of two parts — Title I, Fi- 
nancial Recordkeeping, and Title II, Reports of Currency in Foreign Transactions. 

• Title I authorizes the Secretary of the Treasury (Treasury Department) to issue 
regulations requiring institutions to maintain certain records related to financial 
transactions. 

• Title II directs the Treasury Department to prescribe regulations governing the 
reporting of certain transactions by and through financial institutions in excess 
of $10,000. A financial institution must file a Currency Transaction Report (CTR) 
with the Treasury Department for each cash transaction over $10,000 or multiple 
cash transactions by an individual in 1 business day or over a period of days ag- 
gregating over $10,000. The BSA also requires financial institutions to file Sus- 
picious Activity Reports (SAR) with the Treasury Department when suspected 
money laundering activity, terrorist financing, or other BSA violations occur, such 
as the use of shell entities, check kiting, or embezzlement. 

BSA Requirements for FDIC-Supervised Institutions 

The FDIC is currently the primary Federal regulator for approximately 5,300 fi- 
nancial institutions. In that role, the Corporation has implemented rules and regu- 
lations in addition to those issued by the Treasury Department that require each 
FDIC-supervised institution to develop and administer a BSA program to ensure 
compliance with the BSA and 31 CFR Part 103. Institutions’ BSA programs should 
include: 

• a written BSA program approved by the institution’s board of directors, 

• a system of internal controls to assure ongoing compliance, 

• independent testing for compliance with the BSA and 31 CFR Part 103 to be con- 
ducted by bank personnel or an outside party, 

• designation of individual(s) responsible for coordinating and monitoring compli- 
ance with the BSA, and 

• training in BSA requirements for appropriate personnel. 

Examination Authority and Procedures 

Although the Treasury Department has overall authority for BSA enforcement 
and compliance, its regulations delegate authority to financial institution regulatory 
agencies, including the FDIC, to examine financial institutions for compliance. In 
this capacity, the FDIC has authority to (1) examine the institutions it supervises 
for compliance with the BSA, (2) refer BSA violations to the Treasury Department, 
and (3) impose regulatory actions for BSA violations. The FDIC is also required by 
the Federal Deposit Insurance Act (FDI Act) to: 

• prescribe regulations requiring insured depository institutions to establish and 
maintain procedures reasonably designed to ensure and monitor compliance with 
the BSA, 

• review such procedures during their examinations of these institutions, and 

• enforce compliance with the BSA monetary transaction recordkeeping and report 
requirements. 



85 


The Division of Supervision and Consumer Protection (DSC) at the FDIC is re- 
sponsible for promoting the safety and soundness of FDIC-supervised institutions, 
and examining financial institutions’ compliance with applicable laws and regula- 
tions such as the BSA. 

According to the Chairman’s testimony for today’s hearing, the FDIC has con- 
ducted almost 11,000 BSA examinations since 2000. 

Communication and Training 

The FDIC has taken steps to ensure that its supervised financial institutions and 
examiners are aware of BSA requirements and that its examinations of financial in- 
stitutions include a review of BSA requirements. The FDIC also issues regulations, 
Financial Institution Letters, and other guidance to the financial institutions that 
it supervises; updates Corporation examination and training materials; and ensures 
that DSC examiners are adequately trained to monitor BSA compliance. 

Risk-focused Examination Procedures 
DSC requires examiners to use risk-focused examination procedures to assess 
BSA compliance. To accomplish this, examiners may use (1) core procedures that 
are considered during the basic review, (2) expanded procedures that are used to 
target concerns identified during the basic review, and (3) impact analyses to assess 
the seriousness of identified deficiencies. To assess the impact of deficiencies identi- 
fied during the basic and expanded reviews, examiners determine whether BSA vio- 
lations and weaknesses: 

• are serious and indicate the need for civil money penalties, 

• necessitate referrals to law enforcement agencies, 

• necessitate a cease-and-desist order for cases in which a mandatory BSA compli- 
ance program was not established or maintained, or other supervisory action to 
correct prior noncompliance, and 

• affect the safety and soundness of the institution. 

When Violations Should Be Referred to the Treasury Department 

According to referral guidelines issued by the Treasury Department’s Office of Fi- 
nancial Enforcement in October 1990, the Treasury Department has a zero tolerance 
level for violations of the BSA but recognizes that BSA violations are of a varying 
nature. The guidelines state, “Because the determination process often is subjective, 
sound examiner judgment and experience also are required.” To assist with the de- 
termination process for referrals to the Treasury Department, the guidelines 
instruct examiners to “assess all of the facts and circumstances surrounding the vio- 
lations,” including whether: 

• the violations represent an isolated incident caused by human error; 

• the deficiencies are indicative of significant noncompliance with tbe BSA and/or 
systemic weaknesses in the institution’s BSA compliance program; 

• the types and nature of the violations are serious; 

• the violations are the result of blatant, willful, or flagrant disregard for BSA re- 
quirements; 

• there is a pattern of noncompliance with one or more sections of the regulations; 

• the violations result from inadequate policies, procedures, or training programs; 
and 

• the violations result from a nonexistent or seriously deficient compliance program. 

DSC procedures require examiners to use the Treasury Department’s guidelines 
to determine when a referral is appropriate. 

The Treasury Department or the FDIC can take Regulatory Actions when 
BSA Violations are Identified 

Failure by a financial institution to comply with the BSA can result in regulatory 
sanctions by either the Treasury Department or the FDIC. The BSA and its under- 
lying regulations give the Treasury Department the authority to assess civil money 
penalties for violations and to authorize criminal prosecution. The FDIC is required 
to report all identified BSA violations and to refer violations that warrant penalties 
to the Treasury Department’s Financial Crimes Enforcement Network (FinCEN). 
The FinCEN was established to administer BSA and provide a government- wide, 
multisource intelligence and analytical network. Such referrals, however, do not pre- 
clude the FDIC from taking regulatory action when BSA violations are identified. 
For example, as cited in 12 U.S.C. 1818(s), the FDIC shall issue a cease-and-desist 
order to any FDIC-supervised institution that fails to establish and maintain appro- 
priate BSA procedures or to correct any previously reported problem with the proce- 
dures. 



86 


The Corporation has reported that, since 2001, it has issued 30 formal enforce- 
ment actions against 25 financial institutions and 3 individuals to address BSA 
violations — 25 of these actions were cease-and-desist orders. Regulatory action, how- 
ever, also includes informal actions such as bank board resolutions or memoran- 
dums of understanding to facilitate corrective action(s) from bank management. 
Since 2001, the Corporation reports that FDIC-supervised institutions have entered 
into 53 informal actions with BSA-related provisions. Finally, the FDIC often uses 
other supervisory actions such as correspondence and follow-up visitations or exami- 
nations to promote compliance with BSA and implementing guidance. 

BSA became a Higher Priority after the Events of September 1 1 

Prior to the tragic events of September 11, 2001, BSA had played a significant 
role in preventing banks and other financial service providers from being used as 
intermediaries for, or to hide the transfer or deposit of, money derived from criminal 
activity associated with organized crime and international drug traffickers. BSA be- 
came more of a national priority following September 11. 

The USA PATRIOT Act 

In October 2001, the Congress enacted the United and Strengthening America by 
Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 
2001 — the USA PATRIOT Act. This Act expanded the Treasury Department’s au- 
thority initially established under the BSA to regulate the activities of U.S. financial 
institutions, particularly their relations with individuals and entities with foreign 
ties. Provisions of the USA PATRIOT Act augmented the BSA money laundering 
provisions, making it a useful tool in tracing terrorist financing activities. The Act 
also elevated the status of FinCEN within the Treasury Department and empha- 
sized its role in fighting terrorist financing. In addition to administering the BSA, 
FinCEN is responsible for expanding the regulatory framework to other industries 
(such as insurance and securities brokers and dealers) vulnerable to money laun- 
dering, terrorist financing, and other crimes. 

FDIC’s Post-September n Initiatives 

DSC has been proactive in the development and issuance of interagency examina- 
tion guidance and has participated in working groups led by the Federal Financial 
Institutions Examination Council to develop and implement examiner training re- 
lated to the enforcement of BSA and USA PATRIOT Act provisions. Additionally, 
DSC has organized and participated in numerous outreach programs intended to in- 
form and educate the banking industry of USA PATRIOT Act compliance require- 
ments. Further, DSC has indicated that it has been involved in various interagency 
and joint law enforcement initiatives, including: 

• participation in the Financial Action Task Force’s (FATF) Working Group on 
International Financial Institutions Issues, which establishes international anti- 
money laundering standards; 

• participation in the Basel Committee decisionmaking process in reviewing the 
“Know Your Customer” risk management report; 

• participation in working groups and technical assistance missions sponsored by 
the Departments of State and Treasury, which are designed to assess vulner- 
abilities to terrorist financing activity worldwide and to develop and implement 
plans to assist foreign governments concerning these issues; and 

• serving as point-of-contact liaison between FinCEN and FDIC-supervised institu- 
tions in the USA PATRIOT Act Section 314(a) terrorist-subject biweekly searches. 

FDIC OIG Work that Addresses BSA-Related Issues 

My office has conducted three audits that address the FDIC’s efforts to design and 
implement a supervisory program to examine institutions’ compliance with provi- 
sions of the BSA and the more recently enacted USA PATRIOT Act. The first two 
audits addressed FDIC examiners’ planning and conduct of BSA examinations and 
the Corporation’s implementation of policies and procedures stemming from USA 
PATRIOT Act requirements. They were both conducted as part of our responsibility 
to provide coverage of the FDIC’s supervision activities. The third and most recent 
audit primarily focused on supervisory actions taken by the FDIC to ensure institu- 
tions implement effective corrective action to address BSA violations. This audit was 
initiated in response to interest expressed by staff of the Subcommittee on Oversight 
and Investigations, House Committee on Financial Services. 

Overall, these audits identified that the Corporation had taken steps to imple- 
ment a risk-focused examination program for BSA. However, improvements were 
needed to ensure that institutions were fully complying with, and the FDIC was ef- 
fectively enforcing provisions of, the Act. 



87 


I will now discuss more details of each audit, with the focus being on our findings 
and recommendations and the FDIC’s corrective actions to address them. 

Examination Assessment of Bank Secrecy Act Compliance 

By way of background, in the wake of a much-publicized Bank of New York 
money laundering scandal in 1999, the question of whether the BSA and its imple- 
mentation were effective gained renewed interest from the legislative and executive 
branches of the Federal Government. Of particular note, the Departments of Treas- 
ury and Justice jointly issued a revised National Money Laundering Strategy in 
March 2000 assigning responsibility for implementing parts of the strategy to bank 
regulatory agencies, including the FDIC, to enhance efforts to prevent money laun- 
dering. The regulatory agencies were specifically tasked with reviewing existing ex- 
amination procedures, and where necessary, revising, developing, and implementing 
new examination procedures that would ensure anti-money laundering supervision 
is risk focused. In light of the interest and new requirements, we conducted an audit 
in 2000 to determine the extent to which the FDIC’s examiners reviewed FDIC-reg- 
ulated institutions’ compliance with the BSA during the course of safety and sound- 
ness examinations. 

In March 2001, we issued Audit Report No. 01-013, Examination Assessment of 
BSA Compliance. In the report, we concluded that examiners did not adequately 
document their BSA examination planning or procedures. In general, there was lit- 
tle justification for the examiners’ decisions to omit or include procedures based on 
their evaluation of risk at the institutions being reviewed. Similarly, after com- 
pleting the risk-scoping process, examiners did not consistently document the work 
they performed as required by the Corporation’s Manual of Examination Policies. As 
a result, we could not always determine the extent to which examiners reviewed in- 
stitutions’ compliance with BSA provisions. We also found that examiners could 
have improved examination planning by taking full advantage of the FinCEN data- 
bases that contain information on CTR’s and SAR’s. At the time of our report, one 
region was compiling this information in a report and disseminating it to examiners. 
The report showed whether institutions had significant changes in the volume of 
SAR and CTR filings since the previous examination and could be used to determine 
whether the scope of the BSA examination should be expanded. 

We recommended that management (1) reinforce risk focusing guidance for BSA 
examinations and ensure that documentation requirements for examination plan- 
ning and procedures were followed and (2) require that all FDIC regions provide 
examiners with CTR and SAR information for the purpose of planning BSA exami- 
nations. Management implemented these recommendations. 

FDIC’s Implementation of the USA PATRIOT Act 

As discussed earlier, the USA PATRIOT Act broadened authority and required 
regulations to combat money laundering that were already established under the 
BSA to facilitate the prevention, detection, and prosecution of international money 
laundering and the financing of terrorism. Our review of the FDIC’s implementation 
of the USA PATRIOT Act focused on Title III of the Act, which is entitled the Inter- 
national Money Laundering Abatement and Anti-terrorist Financing Act of 2001. 
Title III includes provisions related to (1) international counter-money laundering 
and related measures, (2) BSA amendments and related improvements that supple- 
ment the United States’ authority to detect money laundering provided under the 
BSA, and (3) currency crimes and protection. 

The objective of our audit was to determine whether the FDIC had developed and 
implemented adequate procedures to examine financial institutions’ compliance with 
the USA PATRIOT Act. We issued our final report on the audit entitled The FDIC’s 
Implementation of the USA PATRIOT Act, Audit Report No. 03-037, on September 
5, 2003. We concluded that DSC’s existing BSA examination procedures covered cer- 
tain USA PATRIOT Act, Title III requirements. In addition, DSC had advised 
FDIC-regulated institutions of the new requirements in cases in which the Treasury 
Department had issued final rules implementing the Title III provisions. However, 
DSC had not issued guidance to its examiners for those provisions requiring new 
or revised examination procedures because DSC was either coordinating the 
issuance of uniform procedures with an interagency steering committee or waiting 
for the Treasury Department to issue final rules. This delay in issuing examination 
guidance was of particular concern when the Treasury Department had issued final 
rules for Title III provisions addressing money laundering deterrents and verifi- 
cation of customer identification. We noted that timely issuance of examiner guid- 
ance would have helped ensure institutions’ full compliance with USA PATRIOT Act 
provisions sooner. 



88 


We recommended that the FDIC: (1) issue interim examination procedures for 
those sections for which the Treasury Department has already issued final rules and 
(2) work with its interagency counterparts to issue examination guidelines concur- 
rently with the Treasury Department’s issuance of final rules for institutions’ imple- 
mentation of Title III provisions. The FDIC concurred with both recommendations 
and took responsive corrective action. More specifically, the FDIC issued interim 
BSA examination procedures in August 2003, which included steps for reviewing in- 
stitution compliance with applicable provisions of the USA PATRIOT Act and in Oc- 
tober 2003, issued the final examination guidelines developed in consultation with 
the other financial institution regulators. 

While not the result of our audit, FDIC has also trained its bank examination 
staff on the USA PATRIOT Act and incorporated BSA and Anti-Money Laundering 
topics into one of its core examination schools. Also, the FDIC is working with the 
other Federal banking regulators and the Conference of State Bank Supervisors to 
revise examiner training programs to incorporate provisions of the USA PATRIOT 
Act. Furthermore, the FDIC has reported changing its application review program 
to consider prohibitions against certain types of relationships with financial institu- 
tions, particularly foreign shell banks. The Corporation has also amended its poli- 
cies to consider the effectiveness of an insured depository institution’s anti-money 
laundering activities — including those of overseas branches — when evaluating a pro- 
posed merger transaction. 

Supervisory Actions Taken for Bank Secrecy Act Violations 
Our most recent audit related to the BSA was done in response to interest ex- 
pressed by the staff of the Subcommittee on Oversight and Investigations, House 
Committee on Financial Services. The audit focused on actions taken by the FDIC 
in its supervisory capacity to ensure that FDIC-supervised institutions implement 
effective corrective action to address BSA violations. Our audit results in this case 
raised concerns related to four general areas: 

• Extent of Regulatory Action on Significant and Repeat Violations 

• Consistency of Reporting of Deficiencies and Violations 

• Timing of FDIC Follow-Up and Corrective Actions on BSA Violations 

• Handling of Filings and Referrals to the IRS and Treasury Department 

Audit Took Approach Consistent with Prior Treasury OIG Report on BSA 

Our audit approach was modeled after a report issued by the Department of the 
Treasury OIG entitled OTS: Enforcement Actions Taken for Bank Secrecy Act Viola- 
tions, Report No. OIG-03-095, dated September 23, 2003. The objectives of the 
Treasury OIG audit were to determine: 

• whether the Office of Thrift Supervision took timely and sufficient supervisory en- 
forcement actions against thrifts with substantive BSA violations; 

• enforcement actions, when taken, adequately addressed all substantive BSA viola- 
tions identified by examiners; 

• OTS’s systems to track and monitor BSA examinations results were accurate and 
reliable. 

The Treasury OIG determined that greater use of forceful and timely enforcement 
sanctions were warranted for BSA violations; enforcement actions were not always 
taken timely or were not always thorough for substantive BSA violations; 1 and BSA 
examination data errors existed in OTS’ automated system used to monitor the re- 
sults of all examinations, including BSA. 

The objective of our audit was to determine whether the FDIC adequately follows 
up on BSA violations reported in examinations of FDIC-supervised financial institu- 
tions to ensure that they take appropriate corrective action. The scope of our audit 
included examinations conducted by the FDIC or State regulatory agencies, and ex- 
aminations in which the FDIC participated in a joint capacity with State regulatory 
agencies from January 1, 1997 through September 30, 2003. 

The FDIC Had Cited a Significant Number of Institutions for BSA Violations 
Of the 5,662 financial institutions that the FDIC supervised (on average) during 
the time period covered by our audit, 2,672 institutions (approximately 47 percent) 
had been cited for at least one BSA violation. Those violations included citations for 
not complying with the Treasury Department’s Financial Recordkeeping and Report- 
ing Requirements, that is, filing CTR’s, and not adequately implementing BSA com- 


1 The Treasury OIG defined substantive BSA violations as those that resulted from the failure 
to develop and implement a BSA program with the basic BSA minimum requirements and the 
nonfiling of CTR’s and SAR’s. 



89 


pliance programs as required by the FDIC’s Rules and Regulations. Of those 2,672 
institutions, 458 (approximately 17 percent) had been cited for repeat BSA viola- 
tions. 

Audit Shows High Rate of Significant and Repeat Violations, Many of Which 
Were Not Subject to Regulatory Action 

We selected a random sample of institutions with violations for detailed review. 
The random sample consisted of 22 institutions selected from the 8 DSC regional 
or area offices, and another 19 institutions consisted of a judgmental sample of in- 
stitutions with repeat violations for a total of 41 institutions reviewed. We deter- 
mined that 

• 35 of the 41 institutions (86 percent) were cited for violations related to the Treas- 
ury Department’s financial recordkeeping and reporting requirements as pre- 
scribed in 31 CFR Part 103, and 

• 29 of the 41 institutions (71 percent) were cited for deficient BSA compliance pro- 
grams that did not meet the minimum requirements of the FDIC Rules and Regu- 
lations. 

Regarding violations of the Treasury Department’s Regulations at 31 CFR Part 
103, these financial institutions were most frequently cited for failing to: File CTR’s 
for nonexempted transactions over $10,000; maintain records on sales of monetary 
instruments of $3,000 through $10,000; furnish information required in CTR’s, file 
CTR’s timely, or retain CTR’s for 5 years; and treat multiple transactions totaling 
over $10,000 as a single transaction. 

With respect to the FDIC’s Rules and Regulations Section 326.8, the 41 financial 
institutions in our sample were most frequently cited for lack of independent testing 
of BSA compliance; failure to develop or implement an adequate BSA compliance 
program; inadequate system of internal controls for BSA compliance; and failure to 
provide adequate BSA training. 

We also determined that 27 of the 41 institutions had repeat BSA violations. Of 
those 27 repeat institutions, 17 institutions (63 percent) were not subject to regu- 
latory action for their repeat violations, although other supervisory efforts such as 
follow-up correspondence to bank management and visitations may have been in 
progress. Of the 10 institutions that were subject to regulatory action, only 1 was 
subject to a cease-and-desist order. 2 DSC policy states that repeat violations cannot 
be tolerated and that cease-and-desist orders should be initiated in such cases. 

In addition, Section 8(s) of the FDI Act states that, “If the appropriate Federal 
banking agency determines that an insured depository institution . . . has failed to 
correct any problem with the [BSA] procedures . . . which was previously reported 
... by such agency, the agency shall issue an order . . . requiring such depository 
institution to cease-and-desist from its violation . . ..” In response to our audit, the 
FDIC concluded that it was not required to issue cease-and-desist orders in the case 
of every repeat BSA violation. The Corporation believes that enforcement authority 
always involves some element of discretion, including consideration of the nature of 
the violation and supervisory judgment as to how best to address the violation. As 
part of its response to our report, the Corporation provided a legal opinion by its 
General Counsel that addresses Congress’s intent in Section 8(s). The opinion stated 
that: 

The absence of a mandate to bring a cease-and-desist action to address 
every violation of Section 8(s) or the regulations does not imply that the al- 
ternative is to take no action. To the contrary, the statutory intent must 
be to take an appropriate corrective action based upon the severity of the 
problem, the risk it poses, and the bank’s willingness to comply expedi- 
tiously. 

We concur with the Counsel’s guidance. However, as noted previously, our audit 
identified cases where DSC had not taken regulatory action to address repeat viola- 
tions of BSA requirements. 

FDIC’s Reporting and Follow-Up On BSA Violations 

For the 41 banks in our sample, we reviewed 82 reports of examination that cited 
apparent and often multiple BSA violations. We noted that not all BSA deficiencies 
described in DSC’s examination reports were cited in the violations section of the 
reports and tracked in the FDIC’s information system. For 25 (30 percent) of the 
82 reports, DSC waited until the next examination to follow up on some or all of 
the BSA violations, and corrective actions to address cited violations often took more 


2 The FDIC imposed a regulatory action for one institution that did not have repeat violations 
bringing the total number of regulatory actions taken for the sample we reviewed to 11. 



90 


than 1 year. Also, DSC’s regional offices took various approaches to handling viola- 
tions related to the filing of CTR’s and to referring bank violations to the Treasury 
Department. Finally, we found that while many institutions had been cited for BSA 
violations, there were few referrals to the Treasury Department during the audit 
period, and most were made by one FDIC region. 

Inconsistencies in Describing Deficiencies and Citing Violations 

In reviewing DSC’s reports of examination, we observed several instances of BSA 
deficiencies described in the reports but not cited in the Violations of Laws and Reg- 
ulations section of the reports. On the other hand, we also noted instances of BSA 
deficiencies similar to those described that were cited as violations. Deficiencies that 
are described in the reports of examination but not cited as violations may receive 
less attention from bank management or in follow-up by DSC. According to DSC of- 
ficials, the examiners exercise judgment in determining the significance of BSA con- 
cerns. That judgment includes determining whether the weaknesses constitute: 

• apparent violation of laws or regulations, meriting inclusion in the violations sec- 
tion of the examination report, or 

• noncompliance with DSC guidelines, meriting only mention in the report as mat- 
ters for bank management’s attention, which may be sufficient to eliminate con- 
cern. 

Follow-up and Correction of Violations Was Not Always Timely 

DSC’s process for following up on violations cited in reports of examination in- 
cludes: 

• a request for the report to be considered in the bank’s next board meeting, with 
a record of actions taken entered into the minutes; 

• a request for bank management to provide a response indicating the actions taken 
to eliminate each cited violation or deficiency; and 

• follow-up of the corrective actions at the next examination. 

For the institutions included in our sample, we checked how often and by what 
method DSC followed up on whether corrective actions had been taken. We consid- 
ered evidence related to DSC’s follow-up actions or the banks’ corrective actions, as 
well as information from the Treasury Department. As a result of our analysis of 
the process and our review of the 82 reports that cited apparent BSA violations, we 
found that: 

• For 20 reports, DSC followed up or pursued regulatory action for certain viola- 
tions before the next examination, including additional correspondence, visita- 
tions, and regulatory actions such as bank Board resolutions, memorandums of 
understanding, or cease-and-desist orders. 

• For 42 reports, DSC received evidence from bank management, Treasury’s 
FinCEN, or the Internal Revenue Service (IRS) that certain violations had been 
corrected before the next examination, and in many of these instances, corrective 
action took place before the examination was completed. 

• For 25 reports, DSC waited until the next examination to assess the adequacy of 
bank corrective actions for certain violations. 3 

We also observed that DSC regional and field offices exercised wide discretion in 
deciding whether and when to follow up on the violations or take regulatory action. 
In some cases, more than 1 to 5 years passed before (1) bank management took cor- 
rective action that was effective to prevent repeat violations or (2) DSC applied reg- 
ulatory actions to address continuing violations. As shown below, about two-thirds 
of the violations took longer than 1 year to correct. 


3 Note that the numbers do not total 82 because DSC used different follow-up actions for some 
examination reports that cited multiple violations. 



91 


Time Taken to Address BSA Violations 


LENGTH OF TIME FOR ACTION 

NUMBER OF INSTITUTIONS * 

12 months or less 

27 

13 months— 24 months 

13 

25 months— 36 months 

16 

37 months— 48 months 

10 

49 months— 60 months 

1 

More than 60 months 

8 


*The number of institutions will exceed the 41 sampled institutions because the length of time varied for in- 
stitutions with multiple BSA violations. 

Source: OIG analysis of ViSION data and review of evaluation reports and supplemental information pro- 
vided by DSC for the 41 sampled institutions. 

DSC officials stated that follow-up on BSA violations often occurs at the next 
FDIC examination rather than between examinations. Although the FDIC can con- 
duct visitations between regularly scheduled examinations, we identified only a few 
visitations based on information provided by DSC that addressed BSA violations. 

Generally, the FDIC alternated examinations of the sampled institutions with 
State regulatory agency examinations for those institutions. However, 45 of the 72 
examination reports we reviewed from state regulatory agencies did not specifically 
address BSA compliance. Therefore, the FDIC could not rely on those examinations 
to determine whether bank management took corrective actions to address pre- 
viously cited violations or to identify any new BSA violations. Consequently, follow- 
up by the FDIC on some previously cited BSA violations did not occur until the next 
FDlC examination — generally 24 to 36 months after the violations were initially 
identified. This delay in ensuring that BSA violations are corrected could result in 
additional or continued BSA violations and could hinder the detection of criminal 
activity. 

Handling of Violations Related to CTR’s 

We also noted variations in the handling of violations related to CTR’s. While con- 
ducting examinations, examiners identified instances in which financial institutions 
had improperly exempted customers from currency transaction reporting require- 
ments or otherwise failed to file CTR’s. According to DSC guidance, CTR’s must be 
filed with the IRS within 15 days following the date of the transaction (25 days if 
the financial institution files electronically). For those institutions that did not file 
CTR’s within the specified timeframe, FinCEN requests that examiners have bank 
officials request permission to backfile CTR’s. DSC regional offices did not handle 
violations related to the backfiling of CTR’s in a consistent manner. Some offices re- 
quired the institutions to request permission to backfile, while other offices allowed 
the institutions, in cases that involved one or two CTR’s, to file without requesting 
permission to backfile. 

Handling of Referrals to the Treasury Department 

DSC referrals of bank violations to the Treasury Department were infrequent. Ac- 
cording to information provided by DSC, while 2,672 institutions were cited for vio- 
lations, there were only 34 referrals made from January 1, 1997 through December 
31, 2003, and most of these referrals were made by one DSC regional office. DSC 
officials added that, since the Treasury Department has access to FDIC information 
on BSA violations through a shared information system, further reporting is not re- 
quired. The Treasury Department sometimes requests copies of applicable examina- 
tion reports based on its analysis of the violations. The following actions have 
resulted from the referrals made by the FDIC from January 1, 1997 through Decem- 
ber 31, 2003 

• 27 institutions received cautionary letters or letters of warning from the Treasury 

Department, 

• 1 institution received a civil money penalty, 

• 3 referrals were resolved by other means, and 

• 3 referrals were still open. 

In summary, the Treasury Department took action when referrals were made but, 
in our assessment, FDIC only did so infrequently. 




92 


Report Recommends Strengthening Guidance Related to BSA Monitoring and 
Follow-Up Processes 

We concluded in our report that the FDIC had adequately followed up on some 
BSA violations to ensure bank management has taken appropriate corrective action. 
However, more could be done to better ensure that prompt and effective actions are 
taken by bank management to ensure compliance with BSA regulations. 

In light of the increased Congressional interest in BSA compliance and emphasis 
on national security concerns, we recommended that the Corporation: 

• reevaluate and update its examination guidance to help ensure adequate exam- 
iner follow-up and timely corrective action by bank management; 

• discuss and update the referral policy with the Treasury Department; and 

• encourage State coverage of BSA compliance, and develop alternative processes to 
compensate for the lack of State coverage of BSA compliance. 

FDIC Management Agreed with Recommendations and Is Taking Steps to Improve 
Its BSA Program 

DSC management agreed with our recommendations. DSC had taken steps to ini- 
tiate a reevaluation and update of its guidance, with interagency cooperation, to ad- 
dress formal supervisory actions, follow-up actions, citation of apparent violations, 
and recordkeeping and backfiling of CTR’s. DSC also agreed to work with the FDIC 
Legal Division to clarify and update, as necessary, enforcement action guidance on 
BSA. 

Further, DSC management agreed to pursue clarification of referral procedures 
with the Treasury Department. Finally, DSC agreed to focus on strengthening proc- 
esses to address variations in the State examination coverage of BSA and believed 
doing so would increase the consistency and reliability of the follow-up to its BSA 
examinations. 

Looking Ahead 

Mr. Chairman, the goal of identifying and cutting off terrorist funding is an essen- 
tial one. The Government’s success in accomplishing that goal is dependent upon 
collecting and analyzing necessary information, and disseminating and sharing that 
information among appropriate law enforcement and regulatory agencies. To that 
end, the Congress passed the BSA, and later, the USA PATRIOT Act, to establish 
requirements and coordination mechanisms for creating this free flow of informa- 
tion. While the FDIC has been a leader in many initiatives aimed at complying with 
these two Acts, we found and the Corporation has acknowledged it can do more. In 
light of the knowledge we have gained since September 1 1 and more recent terrorist 
threats, there are key questions that the FDIC should consider, in conjunction with 
the Treasury Department and the other financial regulators, as it looks to improve 
its BSA program. 

• Is risk-scoping BSA examinations and follow-up still the most effective approach 
to deterring money laundering and terrorist financing? 

• Are the policies and procedures for reporting certain cash transactions and BSA 
violations to the Treasury Department, some of which date to the early 1990’s, 
currently effective? 

• Is the information reported to FinCEN by financial institutions and regulators ef- 
fectively evaluated and does it ultimately result in timely preventive actions? 

Mr. Chairman, we appreciate the opportunity to participate in this hearing. We 
are prepared to assist in addressing these issues and have additional audits planned 
in this area to help ensure that financial institutions, through efficient and effective 
supervision by the FDIC, will remain vigilant in implementing BSA programs that 
assist in preventing money laundering and terrorism. I would be pleased to answer 
any questions the Committee may have at this time. 



93 


United States General Accounting Office 


GAO 

Testimony 

Before the U.S. Senate Committee on 
Banking, Housing, and Urban Affairs 

For Release on Delivery 

Expected at 9:30 a.m. EDT 
Thursday, June 3, 2004 

ANTI-MONEY 

LAUNDERING 


Issues Concerning 
Depository Institution 
Regulatory Oversight 


Statement of Davi M, D'Agostino, Director 

Financial Markets and Community investment 


A 

4gao 

Accountability * integrity * Reliability 


GAO-04-833T 





94 


1 GAO _ 

Ac^ountaBflUymtggillvRiMWMillv 

Hi ghlig hts 

Highlights o' f?AO "4 -fSST, a ropoit to the 
Cha-nran. Senate Comrvttee on Banking. 
Housing ard Jrbar A f, -aiis 


Why GAO Did This Study 

: 'Hut 1 ».S. government's framework 
for preventing, delecting. ami 
prosecuting money IfioiKleiinghas 
Wen expanding through additional 
pieces of legislation since its 
inception in 1970 with the Bank 
Secrecy Act (BSA). The purposonl' 
the BSA is to prevent financial 
i institutions from being used as 
intermediaries for the transfer or 
deposit of money derived from 
criminal activity and to provide a 
paper trail fot law enforcement 
agencies in their investigations of 
possible money laundering. Tlie 
; most recent changes arose in 
t )ct ober 200 1 w ifJi t he passage of 
the I SA PA TRIOT Act, which, 
among otlic*r tilings, extends anti- 
money laundering (AMI.) . 
requirements to oilier financial 
: service providers previously not 
| covered under (he BSA. GAO was 
asked to testify on its previous 
work and the ongoing work it. is 
doing for the Senate Committee on ; 
; Banking, Housing, and Urban 
Affairs on the depository institution 
regulator BSA examination and 
enforcement process. 


! vw;vAga:vgov/^HT.T.'cel'pr?oA D- 04-a 33T , ; 

~e view the tut product, including the scope : 
and methodology, click on the link above. 

Fcr mo-e ifitorn at on. contact Davi M 
D'Agostino at (202) 5’ 2-8678 cr 
dagost’-od© gao. gov. 


June 3, 2004 


ANTI-MONEY LAUNDERING 

Issues Concerning Depository Institution 
Regulatory Oversight 


What GAO Found 

In recent, years, GAO has issued a number of reports dealing with regulatory 
oversight of anti-money laundering activities of financial institutions. In 
1998, GAO issued a report regarding Treasury’s Financial Crimes 
Enforcement Network’s (FinCEN) role in administering the BSA, which 
updated information on civil penalties for BSA violations. One focus was the 
Secretary of the Treasury’s 1994 mandate to delegate the authority to assess 
civil money penalties for BSA violations to federal banking regulatory 
agencies. GAO noted that this delegation had not been marie and said that 
FinCEN was concerned that bank regulators may be less inclined to assess 
BSA penalties and may prefer to use their non-BSA authorities under their 
own statutes. 

Also in 1998, GAO reported on the activities of Raul Salinas, the brother of 
the former President of Mexico. Mr. Salinas was allegedly involved in 
laundering money from Mexico, through Citibank, to accounts in Citibank 
affiliates in Switzerland and the United Kingdom. GAO determined that Mr. 
Salinas was able to transfer $90 - $100 million between 1992 and 1994 by 
using a private banking relationship structured through Citibank New' York 
in 1992 and effectively disguise the funds’ source and destination, thus 
breaking the funds’ paper trail. 

In 2001, GAO issued a report on changes in BSA examination coverage for 
certain securities broker-dealers. At the time, there was no requirement that 
all broker-dealers file Suspicious Activity Reports (SARs); however, broker- 
dealer subsidiaries of depository institutions and their holding companies 
were required to file SARs and were examined by banking regulators for 
compliance. GAO determined that with the passage of the 1999 Gramm- 
Leach-Bliley Act, these broker-dealers were no longer being examined to 
assess Iheir compliance with SAR requirements. However, with the passage 
of Llie USA PATRIOT Act arid the issuance of a final rule that was effective 
on July 31, 2002, all broker-dealers were required to report such activity. 

GAO is currently studying the depository institution regulators’ BSA 
examination and enforcement process for the Senate Committee on 
Banking, Housing, and Urban Affairs. The objectives include determining 
how the regulators’ risk-focused examinations assess BSA compliance, the 
extent to which the regulators identify BSA and AML violations and Lake 
supervisory actions, and the consistency of BSA compliance examination 
procedures and interpretation of violations across regulators. GAO plans to 
determine whether and to what, extent regulators curtailed BSA compliance 
examinations and the bases for these decisions. GAO plans t.o track 
supervisory actions taken Lo correct violations identified. GAO will also 
examine file ramifications, if any, of file lack of delegation of authority lo 
assess BSA compliance penalties by Treasury lo the banking regulators, as 
mandated by statute. GAO will meet with government and industry officials 
to gain their perspective on the BSA compliance examination process. 

United States General Accounting Oflice 


95 


Mr. Chairman and Members of die Committee: 

I appreciate this opportunity to be here today to discuss a number of 
issues concerning federal depository institution regulators’ oversight of 
financial institutions for Bank Secrecy Act (BSA) compliance and our 
ongoing work for diis committee on this matter. 1 The U.S. government’s 
framework for preventing, detecting, and prosecuting money laundering 
has been expanding through additional pieces of legislation since its 
inception in 1970 with the Bank Secrecy Act. 2 The purpose of the BSA is to 
prevent financial institutions from being used as intermediaries for the 
transfer or deposit of money derived from criminal activity and to provide 
a paper trail for law enforcement agencies in their investigations of 
possible money laundering. Over the years, the BSA has evolved into an 
important tool to help deter money laundering, drug trafficking, terrorist 
financing, and other financial crimes. The most recent changes arose in 
October 2001 with the passage of the USA PATRIOT Act, which, among 
other things, contains expanded provisions to prevent, detect, and 
prosecute terrorist financing and international money laundering at 
depository institutions and extends anti-money laundering (AML) 
requirements to other financial service providers previously not covered 
under the BSA. 3 

Congress amended the BSA in 1994 to require federal financial banking 
regulators to develop enhanced examination procedures and training to 
improve the identification of possible money-laundering schemes at 
financial institutions under their supervision. 4 Federal banking regulators 
regularly assess compliance with BSA and related AML requirements 
during safety and soundness or compliance examinations using 
examination procedures that are consistent with their overall risk-focused 
examination approach. Under the risk-focused approach, those activities 


■The term “federal banking regulators” in this testimony refers collectively to federal 
regulators of depository institutions, including banks, thrifts, and federally chartered credit 
unions. The federal banking regulators are the Federal Deposit Insurance Corporation 
(FDIC), Board of Governors of the Federal Reserve System (Federal Reserve), National 
Credit Union Administration (NCUA), Office of the Comptroller of the Currency (OCC), 
and Office of Thrift Supervision (OTS). 

2 Currency and Foreign Transactions Reporting Act, Pub. L. No. 91-508, 84 Stat. 1305(1970). 

3 Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept 
and Obstruct Terrorism Act. Pub. L. 107-56, 115 Stat. 272(2001). 

“The Money Laundering Suppression Act of 1994, Pub. L 103-325, 108 Stat. 2243(1994). 




96 


judged to pose the highest risk to an institution are to receive the most 
scrutiny by examiners. 5 In examining depository institutions for BSA 
compliance, the regulators’ examination procedures are to serve as a tool 
for determining whether depository institutions (1) have developed AML 
programs and procedures to adequately detect, deter, and report unusual 
or suspicious activities possibly related to money laundering; and (2) 
comply with the technical recordkeeping and reporting requirements of 
the BSA 

The regulators also have a variety of enforcement tools to address 
noncompliance. They can take increasingly formal supervisory actions 
that range from moral suasion or informal discussions with the 
institution’s management to written agreements, civil money penalties, and 
cease and desist orders. 

The recent imposition of several large civil money penalties on depository 
institutions has increased concern about industry compliance with and 
government enforcement of the BSA My statement today will focus on the 
banking regulators’ approach for ensuring compliance with BSA and AML 
program requirements. Specifically, I will discuss (1) recent enforcement 
actions taken against depository institutions for BSA violations, (2) 
inspectors general reports assessing the regulators’ examination work and 
enforcement activities, and (3) issues raised in some of our past work on 
money laundering and ongoing work on BSA examinations and 
enforcement for the Committee. 

To address these objectives, we reviewed consent orders and other 
documents pertaining to selected enforcement actions, recent Department 
of the Treasury (Treasury) and Federal Deposit Insurance Corporation 
(FDIC) Office of Inspector General reports, past GAO reports, and 
documents related to our ongoing BSA work for this Committee. 


Summary 


In the last few years and as recently as last month, the financial regulators 
and the courts have taken actions against a number of depository 
institutions for significant BSA violations. Recent enforcement actions 
show that various types of depository institutions — including banks, 


U.S. General Accounting Office, Risk-Focused Bank Examinations: Regulators of Large 
Banking Organizations Face Challenges, GAQ/GGD-00-48 (Washington, D.C.: January 24, 
2000 ). 




97 


thrifts, and credit unions — have had BSA violations. These enforcement 
actions also raise the issue of the timeliness of the identification of BSA 
violations and enforcement actions taken by the regulators. For example, 
in 2000, Banco Popular de Puerto Rico was charged with violating the 
BSA’s suspicious activity reporting requirement, paid a civil money penalty 
of over $20 million, and received a deferred prosecution. In this case, an 
individual who was later convicted of money laundering offenses had 
deposited over $21 million at this bank, but the bank had not investigated 
nor reported this activity to law enforcement until several years after the 
suspicious activity had begun. The bank’s regulator expanded its 
examination scope for BSA compliance four years after the deposits 
began. More recently, Riggs Bank was assessed a $25 million civil money 
penalty for BSA violations including failure to maintain an effective BSA 
compliance program and failure to monitor and report large transactions 
involving foreign embassies. Although Riggs’ regulator deemed the bank to 
be systemically deficient in 2003 and the bank entered into a consent 
order, the bank was not in full compliance with the consent order in 2004 
and was subsequently assessed the penalty. 

Recent reports of the Treasury’s and Federal Deposit Insurance 
Corporation’s Offices of the Inspector General (FDIC IG) assessing the 
regulators’ examination work and enforcement activities have raised 
questions about potential gaps in the consistency and timeliness of the 
regulators’ activities to monitor and follow-up on BSA violations. For 
example, in its March 2004 report the FDIC IG concluded that FDIC 
needed to strengthen its follow up processes for BSA violations. 

In recent years, we have done work addressing money laundering issues 
regarding a variety of activities and financial institutions, such as 
securities broker-dealers, private banking, and Russian entities. We are 
currently studying the depository institution regulators’ BSA examination 
and enforcement process for this committee. Our primary objectives are to 
determine how the regulators’ risk-focused examinations assess BSA 
compliance, the extent to which the regulators identify BSA and AML 
violations and take supervisory actions, and the consistency of BSA 
compliance examination procedures and interpretation of violations 
across regulators. We plan to determine whether and to what extent 
regulators curtailed BSA compliance examinations and the bases for these 
decisions. We also plan to, among other things, track supervisory actions 
taken to correct violations identified 



98 


Background 


The Financial Recordkeeping and Currency and Foreign Transactions 
Reporting Act, commonly referred to as the Bank Secrecy Act, passed by 
Congress in 1970, requires that financial institutions file certain currency 
and monetary instrument reports and maintain certain records for possible 
use in criminal, tax, and regulatory proceedings. As a result, the BSA helps 
to provide a paper trail of the activities of money launderers for law 
enforcement officials in pursuit of criminal activities. 

Congress has amended the BSA a number of times to increase the 
effectiveness of the regulators’ efforts. For example, the initial BSA 
reporting system did not include provisions for separate money laundering 
charges against those who had not satisfied reporting requirements. Thus, 
Congress enacted the Money Laundering Control Act of 1986, which made 
money laundering a criminal offense separate from any BSA reporting 
violations. 6 This act created criminal liability for individuals or entities that 
conduct monetary transactions knowing that the proceeds involved were 
obtained from unlawful activity and made it a criminal offense to 
knowingly structure transactions to avoid BSA reporting. The 1986 act also 
directed the regulators (1) to issue regulations that require the financial 
institutions subject to their respective jurisdiction “to establish and 
maintain procedures reasonably designed to assure and monitor the 
compliance of such institutions;” (2) to review such procedures during the 
course of each examination of such financial institutions; (3) to issue 
cease and desist orders to ensure compliance with the requirements; and 
(4) to assess civil money penalties for failure to maintain such compliance 
procedures. 7 

In 1992, Congress increased the penalties for institutions and their 
employees who violate the BSA and authorized the regulators to take 
additional supervisory actions for such violations. More specifically, the 
Annunzio-Wylie Anti-Money Laundering Act authorized the federal 
banking regulators to revoke an institution’s charter if it was convicted of 
money laundering and, in certain circumstances, to issue removal and 
prohibition orders against individuals charged with BSA offenses. As 


6 18 U.S.C. §§ 1956, 1957. 

7 Amendments to banking statutes authorized the regulators to review institutions’ BSA 
compliance procedures during examinations and take supervisory actions for 
noncompliance. Section 8(s) of the Federal Deposit Insurance Act (12 U.S. C. § 1818 (s)), 
Subsection 5(d) of the Homeowners Loan Act of 1933 (12 U.S.C. § 1464 (d)(6), and Section 
206 of the Federal Credit Union Act (12 U.S.C. 1786(q)). 



99 


authorized by this act, in 1996, Treasury issued a rule requiring that banks 
and other depository institutions use a Suspicious Activity Report (SAR) 
form to report activities involving possible money laundering. Institutions 
file these forms with the Financial Crimes Enforcement Network 
(FinCEN) at Treasury. 

Congress amended the BSA again in 1994, with The Money Laundering 
Suppression Act, to require that financial regulators develop enhanced 
examination procedures and training to improve identification of money- 
laundering schemes at financial institutions under their supervision. 
Accordingly, the federal banking regulators adopted a core set of 
examination procedures to determine whether an institution has die 
necessary system of internal controls, policies, procedures, and auditing 
standards to assure compliance with tire BSA and implementing 
regulations. The procedures also require examiners to review an 
institution’s internal audit function, procedures, selected workpapers, 
records, reports, and responses. Based on the results, examiners may 
conclude the examination or continue with expanded procedures, which 
might include transaction testing and review of related documentation. 
This act also directed the Secretary of the Treasury to delegate to 
appropriate federal banking regulatory agencies the authority to assess 
civil penalties for BSA violations. In May 1994, the Secretary delegated this 
authority to FinCEN but, to date, this delegation has not been made to the 
banking regulators. 

hi October 2001, Congress again amended the BSA through passage of the 
USA PATRIOT Act, specifically through Title III of this act. The passage of 
die USA PATRIOT Act was prompted, in part, by die September 11, 2001, 
terrorist attacks in Washington, D.C. and New York City, which in turn 
enhanced awareness of the importance of combating terrorist financing 
through the U.S. government’s AML efforts. Title III expanded the scope of 
the BSA to include organizations not previously covered, such as 
securities brokers, insurance companies, and credit card system 
operators. Among Title Hi’s provisions are requirements that financial 
institutions covered by the act: 

♦ Establish and maintain AML programs; 

* Identify and verify the identity of customers who open accounts; 


Exercise due diligence and, in some cases, enhanced due diligence with 
respect to all private banking and correspondent accounts; 




100 


Conduct enhanced scrutiny with respect to accounts maintained by or on 
behalf of foreign political figures or their families; and 

Share information relating to money laundering and terrorism with law 
enforcement authorities, regulatory authorities, and financial institutions. 

Title IE also added activities that can be prosecuted as money laundering 
crimes and increased penalties for activities that were money laundering 
crimes prior to enactment of the USA PATRIOT Act. Examination 
procedures of the federal banking regulators are expected to conform to 
PATRIOT Act amendments to the BSA and regulations issued by the 
Treasury. 


Recent Actions Taken 
against Depository 
Institutions for BSA 
Violations Highlight 
Deficiencies in AML 
Programs at Some 
Institutions 


hi the last few years and as recently as last month, the federal banking 
regulators and the courts have taken actions against a number of 
depository institutions for significant BSA violations. In addition to 
deficiencies at the institutions themselves, issues raised in these cases 
included the timeliness of the identification of BSA violations and 
enforcement actions taken by die regulators. To illustrate, I will discuss 
three different cases at three different types of depository institutions. 


BailCO Popular de Puerto In the first case, a bank was charged with BSA violations of suspicious 
Rico activity report requirements and received a deferred prosecution.® In 2000, 

die U.S. Department of Justice (Justice) charged Banco Popular de Puerto 
Rico, a bank subsidiary of a diversified financial services company serving 
Puerto Rico, the United States, and Latin America, with failing to file SARs 
in a timely and complete manner — in violation of the BSA. 9 According to 
Justice, from 1995 through 1998, an individual, who was later convicted of 
money laundering offenses, deposited approximately $21.6 million in cash 
into an account at Banco Popular. Justice indicated that a number of 
branch employees were aware of the suspicious activity, but that the bank 
failed to investigate the account for over 2 years from the date the account 


8 A deferred prosecution is a legal procedure whereby the prosecution for an offense is 
deferred pending completion of corrective action, 

‘Tide 31 USC 5318(g)(1) and 5322(b). 



101 


was opened, and also did not report the suspicious activity to FinCEN 
until 1998 as required by the BSA. 

Although the Federal Reserve Bank of New York (FRBNY) conducted four 
examinations of Banco Popular from 1995 through 1998, the examinations, 
based on procedures used at the time, did not contain any criticism of the 
bank’s BSA compliance policies or procedures. In 1999, 4 years after the 
individual first began laundering an undetermined amount of money 
through Banco Popular, FRBNY expanded the scope of the bank’s 
regularly scheduled safety and soundness examination as a result of 
information it received from a U.S. Customs Service dmg investigation. 
Based on AML compliance problems identified during the examination, 
FRBNY developed a supervisory strategy that led to a written agreement 
containing numerous remedial actions. Banco Popular also entered into a 
deferred prosecution agreement with Justice, FinCEN, and the Federal 
Reserve; and agreed to a civil money penalty of over $20 million. 


Polish and Slavic Federal hi another instance, FinCEN assessed penalties against a credit union for 
Credit Union currency transaction reporting violations. In January 2000, FinCEN 

assessed civil money penalties of $185,000 against the Polish and Slavic 
Federal Credit Union, located in Brooklyn, New York, for willful failure to 
file Currency Transaction Reports (CTR) and improperly granting an 
exemption from CTR filings in violation of the BSA. 

FinCEN determined that between 1989 and 1997, the Polish and Slavic 
Federal Credit Union willfully failed to file numerous CTRs for currency 
transactions in amounts greater than $10,000. 10 FinCEN also reported that 
the credit union, through the actions of its former management and board 
of directors, improperly exempted one customer from CTR filings. The 
customer, the former chairman of the credit union’s board of directors and 
owner of a travel agency and money remitter business, did not qualify for 
the CTR filing exemption, according to FinCEN. The remitter made over 
1,000 currency deposits in excess of $10,000 but no CTRs were filed. 
FinCEN further reported that the credit union, through its former general 
manager and former board, failed to establish and maintain (1) an 
adequate level of internal controls for BSA compliance, (2) an effective 


10 31CFR. §103,22 requires depository institutions to file CTRs for currency transactions of 
$10,000 or more. 




102 


BSA compliance program, (3) BSA training for credit union employees, 
and (4) an effective internal audit function. 

NCUA, the regulator of the Polish and Slavic Federal Credit Union, took a 
series of enforcement actions against the credit union beginning in 
January 1997 to compel compliance with the BSA. However, FinCEN’s 
report also indicates that NCUA’s enforcement actions began about 8 
years after the violations began. In April 1999, NCUA removed the credit 
union’s board of directors and imposed a conservatorship based on the 
credit union’s failure to establish adequate internal controls, including 
controls for BSA compliance. 


RiggS Bank N.A. Last month, OCC and FinCEN assessed a $25 million civil money penalty 

against Riggs Bank, N.A. for numerous BSA violations, including failure to 
maintain an effective BSA compliance program and to monitor and report 
transactions involving millions of dollars by the embassies of Saudi Arabia 
and Equatorial Guinea in Washington, D.C. 

Since 1987, OCC has required each bank under its supervision to establish 
and maintain an AML compliance program and specified four elements 
that banks were required to satisfy." However, FinCEN reported that Riggs 
was deficient in all four elements required by the AML regulation. FinCEN 
found that Riggs willfully violated the suspicious activity and currency 
transaction reporting requirements and the AML program requirements of 
the BSA. Specifically, Riggs failed to establish and maintain an effective 
BSA compliance program because it did not provide (1) an adequate 
system of internal controls to ensure ongoing BSA compliance, (2) an 
adequate system of independent testing for BSA compliance, (3) effective 
training for monitoring and detecting suspicious activity, and (4) effective 
monitoring of BSA compliance by (he BSA officer. 

In July 2003, OCC entered into a consent order with Riggs, in which Riggs 
was directed to, among other things, correct AML internal control 
deficiencies and referred the Riggs case to FinCEN. According to a Riggs’ 
filing with the Securities and Exchange Commission, in April 2004, OCC 
classified Riggs as being in a “troubled condition” for failing to fully 


The AML regulation, 31CFR §103, 120, requires at a minimum that a BSA compliance 
program provide for a system of internal controls to ensure compliance, independent 
testing for compliance, training for appropriate personnel, and a designated individual 
responsible for day-to-day monitoring of BSA compliance. 


Page 8 


GAO-04-833T 




103 


comply with the July 2003 consent order. Due to additional BSA violations 
by Riggs National Corporation (the bank’s holding company), in May, OCC 
and the Federal Reserve, respectively, issued a supplemental consent 
order and a cease and desist order, requiring extra corrective actions. OCC 
and FinCEN cited the corporation for deficiencies in risk management and 
internal controls. Although OCC deemed Riggs to be systemically deficient 
in 2003 and the bank entered into a consent order with OCC, Riggs was not 
in full compliance with the consent order in 2004 and was subsequently 
assessed the penalty. 


In addition to the three cases discussed above, published reports of BSA 
violations at other banks have increased concerns about bank 
noncompliance with the BSA and timely oversight and enforcement by the 
federal banking regulators. For example, in 2003, the Department of 
Homeland Security’s Bureau of Immigration and Customs Enforcement 
(ICE) reported that the Delta National Bank & Tmst Company pled guilty 
in U.S. District Court to charges that it failed to file a SAR in connection 
with a transaction made in 2000 between two accounts at the bank. As part 
of the plea agreement with the government, the bank agreed to forfeit 
$950,000. In 2002, Broadway National Bank pled guilty to three felony 
charges for failing to report suspicious banking activity in the 19.90s, 
according to ICE. The prosecutors determined that more than $120 million 
was illegally moved through the bank. The bank was fined $4 million. 


Inspectors Genefcll Recent Treasury and FDIC IG reports assessing the regulators’ 

^ examination work and enforcement activities have raised questions about 

Reports Highlight potential gaps in the consistency and timeliness of the regulators’ 

AreSlS of Improvement mon ^°ring and follow-up on BSA violations. 

Needed in the BSA 
Examination Process 

Treasu ry 's Office Of IG The Treasury’s IG issued a report in 2003 on BSA violations at depository 

institutions and has a number of related audits in its fiscal year 2004 work 
plan. In September 2003, the Treasury IG issued a report on its review of 
OTS enforcement actions taken against thrifts with substantive BSA 
violations. Among its findings, the report stated that examiners found 
substantive BSA violations at 180 of the 986 thrills examined from January 
2000 through October 2002. OTS had issued written enforcement actions 
against 11 of the 180 thrifts; however, in 5 of these actions, the IG reported 



104 


that enforcement actions did not address all substantive violations found, 
were not timely, or were ineffective in correcting the thrifts’ BSA 
violations. The IG further reported that among 68 sampled cases, OTS 
relied on moral suasion and thrift management assurances to comply with 
the BSA. In 47 cases (69 percent), thrift management took the corrective 
actions, but in the other 21 cases (31 percent), thrift management was 
nonresponsive. BSA compliance worsened at some of the 21 thrifts, 
according to the IG. 

The IG made several recommendations including that OTS assess the need 
for additional clarification or guidance for examiners on when to initiate 
stronger supervisory action for substantive BSA violations and time 
frames for expecting corrective actions from thrifts. OTS concurred and 
stated that supplemental examiner guidance would be provided for the 
first quarter of 2004. 

The IG’s fiscal year 2004 annual plan lists several related audit projects 
including an assessment of OTS’ BSA examinations, including the new 
requirements under the USA PATRIOT Act. 


FDIC IG I am pleased to be on a panel with the FDIC Inspector General and would 

like to highlight some of his office’s work to illustrate issues recently 
raised regarding BSA examinations and enforcement. For example, in 
March 2001, the IG reported on its review of the FDIC Division of 
Supervision and Consumer Protection assessment of financial institutions’ 
compliance with the BSA. Among the IG’s findings were that FDIC did not 
adequately document its BSA examinations work; as a result, the IG was 
unable to determine the extent to which examiners reviewed regulated 
institutions’ compliance with the BSA during safety and soundness 
examinations. 

The IG made several recommendations, including that FDIC reemphasize 
to examiners and ensure that they follow (1) specific guidance related to 
the documentation requirements of scoping decisions, procedures, and 
conclusions reached during the pre-examination process when risk- 
focusing BSA examinations; and (2) policy and instructions on how to 
adequately document BSA examination decision factors and procedures. 
With regard to both recommendations, FDIC stated it would reemphasize 
its existing policies and guidance, specifically those policies requiring 
examiner responses to all of the BSA core decision factors at each 
examination. FDIC also stated that it had made revisions to its BSA 
examination module. 



105 


In September 2003, the IG reported on its audit of FDIC’s implementation 
of examination procedures to address financial institutions’ compliance 
with provisions of Title El of the USA PATRIOT Act. The IG concluded 
Eiat FDIC’s existing BSA examination procedures covered the AML 
subject areas required by the act to some degree and that its Division of 
Supervision and Consumer Protection had advised FDIC-regulated 
institutions of the new requirements. However, the IG reported that, for a 
number of reasons, the division had not issued guidance to its examiners 
on the act’s provisions that required new or revised examination 
procedures. One of the report’s recommendations was that the division 
issue interim examination procedures for those sections of the USA 
PATRIOT Act for which Treasury had issued final rules. The division 
agreed with the recommendation. 

hi March 2004, die IG issued a report on its work to determine whether the 
FDIC adequately followed up on BSA violations reported in examinations 
of FDIC-supervised financial institutions to ensure that they take 
appropriate corrective action. Among the IG’s findings was that, in some 
cases, BSA violations were repeatedly identified in multiple examination 
reports before bank management took corrective action or FDIC took 
regulatory action to address the repeat violations. The IG concluded that 
FDIC needs to strengthen its follow-up processes for BSA violations and 
recommended that FDIC’s Division of Supervision and Consumer 
Protection (1) reevaluate and update examination guidance to strengthen 
monitoring and follow-up processes for BSA violations and (2) review its 
implementation process for referring violations to Treasury. The IG noted 
that FDIC has initiatives underway to reassess and update its policies and 
procedures. Although it did not concur with all of the IG’s findings, in its 
response, FDIC concurred with the recommendations. 


GAO’s BSA and AML 
Examinations and 
Enforcement Work 


In recent years, we have done work addressing money laundering issues 
within the context of different activities and financial institutions such as 
securities broker-dealers, Russian entities, and private banking. We have 
also reviewed FinCEN’s regulatory role. 



106 


Past Reports In 1998, we issued two reports regarding FinCEN’s role in administering 

the BSA. 12 In both of these reports, we discussed the Secretary of the 
Treasury’s mandate to delegate the authority to assess civil penalties for 
BSA violations to federal banking regulatory agencies and noted that this 
delegation had not been made. One purpose of this work was to update 
information on civil penalties for BSA violations. We reported that one of 
the issues under discussion at the time was whether violations would be 
enforced under BSA provisions or under the banking regulators’ general 
examination powers granted by Title 12 of the U.S. Code. At that time, 
FinCEN officials told us that they were concerned that the banking 
regulators might be less inclined to assess BSA penalties and instead use 
their non-BSA authorities under their own statutes. 

Also in 1998, we reported on the activities of Raul Salinas, the brother of 
the former President of Mexico. 13 Mr. Salinas was allegedly involved in 
laundering money from Mexico, through Citibank, to accounts in Citibank 
affiliates in Switzerland and the United Kingdom. We determined that Mr. 
Salmas was able to transfer $90 - $100 million between 1992 and 1994 by 
using a private banking relationship structured through Citibank New York 
in 1992 and effectively disguise the funds’ source and destination, thus 
breaking the funds’ paper trail. The funds were transferred through 
Citibank Mexico and Citibank New York to private banking investment 
accounts at Citibank London and Citibank Switzerland. 

hi October 2000, we reported on our work on suspicious banking activity 
indicating possible money laundering conducted by certain corporations 
that had been formed in the state of Delaware for unknown foreign 
individuals or entities. 14 We first identified an agent that together with a 
related company created corporations for Russian brokers and established 
bank accounts for those corporations. We also reviewed SARs filed by 
three banks concerning transactions by corporations formed by this agent 
for Russian brokers. We then determined that from 1991 through early 


12 U.S. General Accounting Office, Money Laundering: FinCEN Needs to Better 
Communicate Regulatory Priorities and Time Lines, GAO/GGD-98-18 ([Washington, D.C.: 
Feb. 6, 1998); and Money Laundering FinCEN Needs to Better Manage Bank Secrecy Act 
Civil Penalty Cases, GAO/GGD-98- 108 (Washington, D.C.: June 15, 1998). 

13 U.S. General Accounting Office, Private Banking Raul Salinas, Citibank, and Alleged 
Money Laundering GAO/GSI-99-J. (Washington, D.C.: Oct. 30, 1998). 

I4 U.S. General Accounting Office, Suspicious Banking Activities: Possible Money 
Laundering by U.S. Corporations Formed for Russian Entities, GAO-0 1-120 (Washington, 
D.C.: Oct. 31, 2000). 




107 


2000, more than $1.4 billion in wire transfer transactions was deposited 
into over 230 accounts opened at two U.S. banks — Citibank and 
Commercial Bank. More than half of these funds were wired from foreign 
countries into accounts at Citibank and over 70 percent of the Citibank 
deposits for these accounts were wire-transferred to accounts in foreign 
countries. Further, both of these banks had violated BSA requirements 
regarding customer identification. We concluded that these transfers 
raised concerns that the U.S. banking system may have been used to 
launder money. 

In 2001, we issued a report on changes in BSA examination coverage for 
certain securities broker-dealers. 16 At the time, there was no requirement 
that all broker-dealers file SARs; however, broker-dealer subsidiaries of 
depository institutions and their holding companies were required to file 
SARs and were examined by banking regulators for compliance. We 
determined that with the passage of the 1999 Gramm-Leach-Bliley Act, 
these broker-dealers were no longer being examined to assess their 
compliance with SAR requirements, although they were being examined 
for compliance with reporting currency transactions and other 
requirements Treasury had specifically placed on broker-dealers. 
However, with the passage of the USA PATRIOT Act and the issuance of a 
final rule that became effective on July 31, 2002, all broker-dealers were 
required to report such activity. 


Ongoing Work In December 2003, the Chairman and Ranking Member of this Committee 

requested that we conduct a review of the regulators’ BSA examination 
procedures and enforcement actions. In requesting this work, you cited 
the Treasury and FDIC IG work that I discussed above. Among the major 
questions you raised were: 

♦ How do the regulators design, target, and conduct BSA compliance 
examinations, including for the added provisions of the USA PATRIOT 
Act? 

* How many BSA violations have federal banking regulators identified and 
taken action on over a several year time period? 


lf 'U.S. General Accounting Office, Money Laundering: Oversight of Suspicious Activity 
Reporting at Bank-Affiliated Broker-Dealers Ceased , GAO-0 1-474 (Washington, D.C.: Mar. 
22 , 2001 ). 



108 


• What consequences do the regulators’ risk-focused examinations have for 
identification and enforcement of BSA violations? 

• What differences, if any, are there between enforcement of the BSA 
through the regulators’ general safety and soundness authorities and 
enforcement of the BSA under the terms of the BSA itself? 

• Are BSA violations consistently interpreted among the regulators, 
Treasury, and depository institutions? 

* How do BSA violations come to the attention of the regulators and what 
other agencies are involved in resolving the violations? 

♦ What is the relationship between Treasury and die banking regulators in 
shaping examination policy and subsequent enforcement actions? 

* Do the regulators have adequate resources for conducting BSA 
compliance examinations, including the BSA provisions of the USA 
PATRIOT Act? 


We have begun doing this work for the Committee. In general, the major 
objectives of our review are to determine: 

1. How do the regulators’ risk-focused examinations of depository 
institutions assess BSA and AML program compliance? 

2. To what extent do the banking regulators identify BSA and AML 
program violations and take supervisory actions for such violations? 

3. How consistent are BSA examination procedures and interpretation of 
BSA violations across the banking regulators? 

4. What resources do the federal banking regulators have for conducting 
examinations of BSA and PATRIOT Act compliance? 

As part of our review, and considering die IGs’ findings, we are examining 
the relevant BSA amendments and banking statutes, regulations, and 
policies that address the authorities under which the regulators and 
Treasury take supervisory action for BSA violations and violations of dieir 
AML program rules. We are reviewing current examination guidance and 
procedures that the regulators use for determining compliance with the 
BSA, and related requirements used during their regular and targeted 
examinations. We will also try to ascertain the implications of “risk- 




109 


focused” examinations for BSA compliance and to determine whether and 
to what extent the regulators curtail such compliance reviews in their 
examinations. 

We are reviewing the reliability of the data systems used by banking 
regulators to track bank examinations, including BSA compliance 
examinations. We plan to obtain information on the bank examinations 
performed by each banking regulator over the past 4 years and then select 
a random sample to determine whether and the extent to which a BSA 
review was conducted or curtailed and the bases for these decisions. We 
also are obtaining information from the banking regulators on the number 
of BSA examinations done over the past 4 years and the number and 
nature of violations they identified. We plan to select and analyze samples 
of their BSA examinations and supporting workpapers to secure, in part, 
information on violations identified and the areas of operation covered 
during the examinations. Additionally, we plan to track supervisory 
actions taken by the regulators to correct the violations they identified. 
Our analyses in this area will include assessing the regulators’ examination 
procedures for BSA and AML compliance and the nature of violations and 
corresponding supervisory actions. We will also review the examinations 
in our sample to determine the extent to which the examinations reviewed 
policies and procedures and then tested transactions to see if the policies 
and procedures were implemented appropriately. We will also determine 
the extent to which banking regulators vary in the way they conduct their 
BSA examinations, cite banks for violations, and take enforcement 
actions. 

Key legal issues we will be examining are the ramifications, if any, of the 
lack of delegation of authority to assess BSA penalties by Treasuiy to the 
federal banking regulators, as mandated by statute in 1994. We will 
examine enforcement of the BSA through the regulators’ general safety 
and soundness authority and enforcement under the terms of the BSA 
itself to see whether there are differences, including circumstances under 
which the regulators make referrals to Treasury and law enforcement 
agencies. 

In addition, we will meet with government officials at the federal and state 
levels and from the banking and credit union industries to gain their 
perspectives on the risk-focused BSA examination process and post- 
examination follow-up activities. We have finished our initial meetings 
with the federal banking regulators; and officials at the Departments of 
Homeland Security, Justice, and Treasury, including FinCEN. We will have 
follow-on meetings with them as well as with state banking supervisors, 




110 


and representatives from depository institutions of various sizes to gain 
their views on the consistency of examiner interpretation of potential 
BSA-related deficiencies and the regulators’ BSA examination procedures, 
and their own internal control activities. 


Mr. Chairman, this concludes my prepared statement. I would be happy to 
respond to any questions that you or Members of the Committee may 
have. 


GAO Contacts and 
Staff 

Ackn owledgem ents 


For questions concerning this testimony, please call Davi M. D’Agostino at 
(202) 512-8678. Other key contributors to this statement were MTBaye 
Diagne, Toni Gillich, Barbara Keller, Kay Kuhlman, and Elizabeth Olivarez. 




Ill 


RESPONSE TO A QUESTION OF SENATOR SHELBY 
FROM JOHN D. HAWKE, JR. 

A.l. Mr. Hawke, in addition to the Saudi and Equatorial Guinea 
accounts, Riggs held numerous other foreign accounts, including 
what many characterize as what we would call high-risk by 
FinCEN and OFAC. They include, among others, Burma, Cuba, the 
Sudan, Iraq, Iran, Syria, and Nigeria. If Riggs’ BSA/AML internal 
controls were so deficient, which is a given, should we be con- 
cerned, in other words, should you be concerned that many of these 
other embassy and special interest accounts could suffer similar in- 
adequacies and violations? 

A.l. OCC examiners reviewed Riggs Bank’s OFAC controls during 
the January 2003 BSA examination and did not find any problems 
with the bank’s handling of OFAC country accounts. The exam- 
iners reviewed the details of the Iraqi blocked accounts and did not 
identify any deficiencies or noncompliance with OFAC regulations. 
Subsequently, OCC examiners obtained and confirmed that appro- 
priate licenses were acquired for Riggs or their banking customers 
to open accounts or transact business within OFAC sanctioned 
countries of Burma, Cuba, Iran, Iraq, the Sudan, Syria, and Yugo- 
slavia (Balkans). The bank’s OFAC compliance procedures used in 
the opening account process have also been assessed in subsequent 
exams and found to be satisfactory. 

Most of the above-mentioned OFAC sanctioned countries having 
either Embassy or Mission accounts within Riggs’s Embassy Bank- 
ing Division were closed in June 2004 as part of the bank’s decision 
to exit high-risk Embassy accounts. There is one exception of an 
Iranian account that remains open and blocked as required by 
OFAC. Under the terms of the cease-and-desist orders, the bank is 
required to review the activity in all high-risk Embassy accounts 
going back to January 1, 2001, to ensure that Suspicious Activity 
Reports are filed where appropriate. The OCC will evaluate Riggs 
Bank’s compliance with this and other requirements of the cease- 
and-desist orders in October of this year. 



112 



Comptroller of the Currency 
Administrator of National Banks 


Washington, DC 20219 


June 18, 2004 

The Honorable Paul S. Sarbanes 
Ranking Member 

Committee on Banking, Housing, and Urban Affairs 
United States Senate 
Washington, D.C. 20510 

Dear Senator Sarbanes: 

During the Committee’s hearing on June 3, 2004, you raised concerns about changes the OCC is 
making in its organizational structure for compliance supervision. Specifically, you referred to 
an email from Ann Jaedicke, OCC’s Deputy Comptroller for Compliance, that described these 
changes to include buyouts for compliance employees. You felt that a plan to offer buyouts was 
inconsistent with my statement that OCC does not intend to reduce the number of its compliance 
examiners. During the hearing, you requested a copy of a May 2004 memo from OCC’s 
Committee on Bank Supervision that more fully describes the changes we are making. That 
memo is included with this letter. I hope that the information in this letter and the memo will 
answer any remaining questions you may have about this issue. Let me be clear, we do not 
intend to reduce the number of compliance examiners at the OCC. 

Currently the OCC has 107 compliance examiners who examine banks throughout the U.S. Six 
managers supervise these employees. The six managerial positions are being eliminated, and the 
107 compliance examiners are being reassigned to other managers in the OCC. We believe this 
realignment of the staff will improve the effectiveness of our compliance program by integrating 
it into the other aspects of bank supervision. 

The OCC is offering buyouts primarily to the managers in the positions that are being eliminated. 
A few other compliance employees also are eligible for these buyouts. The total number of 
buyouts available is four. Ten employees, including the six managers, are eligible for the four 
buyouts. 

If none of the eligible employees elect to accept OCC’s offer for a buyout, the former managers 
will be offered positions as compliance examiners and the number of compliance examiners will 
increase from 107 to 1 13. If four employees choose to take a buyout, the remaining employees 
will again be placed in jobs as compliance examiners, and the number of examiners will increase 
from 107 to 109. In either case, the number of examiners who are available to conduct 
examinations of banks’ compliance supervision will increase, and the overall number of 
managers in the OCC will decrease. 



Consumer protection and compliance with the Bank Secrecy Act are issues that have been and 
continue to be an important part of OCC’s supervision of national banks. We will do nothing to 
diminish our abilities to supervise these important areas. I hope this has been responsive to your 
question. If you would like more information or have additional questions, 1 would be happy to 
respond. 


Sincerely, 



Joiat D. Hawke, Jr. 
Comptroller of the Currency 


Enclosure 



114 


OCC News 


Posted on May 21, 2004 


To: All Employees 

From: Committee on Bank Supervision 
Subject: Compliance Realignment 
Date: May 21, 2004 

During the next several months the OCC will change its organizational reporting 
lines to better align our compliance functions with our other supervisory activities. 
The goal of the realignment is to enhance our ability to focus examination 
resources on the banks and banking activities that pose the greatest compliance 
risks. We believe these steps will improve the effectiveness and integration of this 
important aspect of OCC supervision and will enhance the coordination of and 
accountability' for compliance supervision. We recognize that the process leading 
up to this announcement has been prolonged. This has led some staff to be 
concerned about these changes. However, in light of the many changes taking 
place in the industry, a careful and deliberate process was necessary' to assure that 
the end result was to make our strong compliance program even stronger. 

This realignment will replace our current structure in which compliance field 
examiners report to assistant deputy comptrollers (ADCs) for compliance. This 
layer of management will be replaced with five comparably graded compliance 
expert positions whose work will be focused on banks in the large bank program. 
In the future, compliance examiners in the field will be assigned to the large bank 
supervision program or to the mid-size/community bank supervision program. 
Those working in large banks (as many already are) will report through large bank 
EICs to the deputy comptrollers for large banks at headquarters. Those assigned to 
the mid-size/cotnmunity bank line of business will report through ADCs based in 
our field offices to the deputy comptrollers in charge of our district offices. 

This change does not mean that we intend to reduce the number of compliance 
examiners. Compliance has been and will continue to be an important component 
of the OCC’s supervision of national banks and their operating subsidiaries, and 
we value all the compliance specialists working for the OCC. 

Although the compliance specialists who move into the large bank line of business 
will conduct the majority of large bank compliance work, we expect that there 
may be instances in which the large bank program draw's resources from the mid- 
size/community bank line of business. Compliance work in the mid-sized banks 
will be funded from the two lines of business, consistent with the way in which the 
OCC's mid-size bank program currently funds safety and soundness work. 
Additionally, we intend to create five new lead expert compliance positions in the 




115 


mid-size/community bank program. The reporting lines for these positions will be 
consistent with the other lead expert specialties in the districts. 

The compliance department in headquarters will retain responsibility for the 
development and oversight of OCC's compliance policies and examination 
procedures. Managed by the deputy comptroller for compliance and staffed by 
compliance specialists, this department will also be responsible for developing and 
maintaining early warning systems to identify compliance risks, conducting the 
training of compliance examiners, providing information to the industry, and 
aiding in the coordination and communication of compliance issues. 

W e want to reiterate that these changes will not diminish our commitment to 
effective and efficient compliance supervision. Compliance is a key component of 
our 2005 Operating Plan, and we expect our supervisory staff to fully address 
supervisory issues associated with privacy, predatory lending, the bank secrecy- 
act, the community reinvestment act, and all other consumer compliance 
regulations. We will complete the implementation of this realignment by 
September 30, 2004. 


Date j Title [ Sequ ence Num b e r 



Office of Thrift Supervision 

Department of the Treasury 

1700 G Street, N.W., Washington, DC 20552 • (202) 906-6590 


James E. Giileran 
Director 


June 9, 2004 


The Honorable Jack Reed 
Committee on Banking, Housing, 
and Urban Affairs 
United States Senate 
Washington, D.C. 20510 

Dear Senator Reed: 

Thank you for your request for a statement regarding what supervisory regulations and 
processes the Office of Thrift Supervision (OTS) has in place to ensure that thrifts operate in a 
safe and sound manner with regard to outsourcing to foreign service providers. OTS's 
supervisory efforts in this regard can be categorized as those that are implemented on an 
interagency basis and those specific to OTS. 

Interagency Supervisory Processes 

To provide the context in which to understand OTS specific regulations and processes, it 
is helpful to understand what the federal banking regulatory agencies do on an interagency basis. 
The Federal Financial Institutions Examination Council 1 (FFIEC) issues interagency guidance to 
financial institutions regarding the safe and sound operations of financial institutions. 
Additionally, each of these agencies examines the institutions it regulates to ensure that they are 
effectively following the guidance issued by the regulators. If, during an examination or at any 
other time, the primary regulator determines that an institution is not in compliance with 
regulatory requirements, the regulator may take a variety of steps to enforce compliance. Such 
actions range from informal agreements to remediate problem areas, to formal public 
enforcement actions such as cease and desist orders and civil money penalties. 

Many U.S. financial institutions use third party service providers for information 
technology services. Because this is a common practice, the FFIEC has issued guidance related 
to its expectations regarding vendor management. This guidance spells out what the agencies 
believe are best practices for vendor management and the agencies' expectations in terms of 
assessing and mitigating risks associated with outsourcing technology services. 2 In addition, the 


1 The FFIEC is composed of the Office of Thrift Supervision, the Federal Deposit Insurance Corporation, the Office 

of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, and the National Credit 
Union Administration. 

2 Chief Executive Officer Memorandum 133, Risk Management of Technology Outsourcing, distributed by OTS on 
December 13,2000. 


117 


FFIEC is in the process of updating the Information Technology Examination Handbook 3 that 
deals with outsourcing. The updated version of this section discusses best practices and 
regulatory expectations regarding the use of foreign service providers. 

The FFIEC agencies expect institutions to implement a proper vendor management 
process that provides policies and procedures that ensure that: 

• The Board of Directors and senior management of financial institutions are 
responsible for and understand the risks associated with outsourcing arrangements 
and for implementing effective controls to mitigate identified risks. 

• Senior management implements an effective due diligence process in selecting a 
third party provider. 

• Senior management deliberately considers and evaluates contract issues to ensure 
that the rights and responsibilities of each party to the contract are dearly stated 
and agreed upon. 

• Senior management implements an effective system of service provider oversight 
to monitor the relationship and make modifications as it evolves. 

The above is a general overview of expectations. The referenced documents, particularly 
the Information Technology F,xamination Handbook, provide extensive details regarding specific 
expectations, including those dealing with compliance with the USA Patriot Act and the Gramm- 
Leach-Bliley Act. Within this interagency framework, safety and soundness examiners and 
information technology examiners regularly assess the adequacy and effectiveness of U.S. 
financial institutions' internal controls with respect to vendors that provide technology services to 
them. These examinations are risk focused, and examiners utilize a variety of examination work 
programs to assess risk and evaluate controls related to both domestic and foreign-based service 
providers. 

OTS Specific Statutes, Regulations, and Guidance 

The Office of Thrift Supervision has unique regulations and guidance that apply to 
foreign-based service providers. These give OTS the ability to: 

• Monitor and supervise foreign-based service provider activity that is taking place 
on behalf of thrifts; 


3 The updated FFIEC Information Technology Handbook contains sections on Information Security, Audit, 
Technology Service Providers, Electronic Banking. Business Continnity Planning, FedLi ne and Reta il Payment 
Systems. Additional sections on Outsourcing, Operations, Management, Wholesale Payment Systems, and 
Development and Acquisition will be published during 2004 and will complete the update process. 



118 


• Outline the scope of authorized activities and regulatory expectations of thrifts; 
and 

• Assess the risk associated with the activity and take actions to mitigate the risk if 
necessary. 

Home Owners’ Loan Act fHOLAi 

HOLA requires thrifts to notify OTS of arrangements with all third party providers. This 
notice is required even in the absence of a formal contract, and applies to all service providers — 
domestic or foreign. The notice is required no later than 30 days after the earlier of the date of 
the contract, or the date the third party initiates performance of the services. HOLA also makes 
services performed by a third party subject to regulation and examination by OTS to the same 
extent as the thrift itself. HOLA thus requires thrifts to notify OTS of the use of a third party 
provider and gives OTS the authority to examine that provider if necessary. 

OTS Regulation — Electronic Operations Rule 

OTS issued a final rule (12 CFR Part 555), effective January 1, 1999, that outlines the 
authority and regulatory expectations for thrifts to conduct electronic operations. Section 
555.310 requires thrifts to notify OTS at least 30 days before establishing a "transactional" 
website. To date, all notices received have been for services from domestic service providers. If 
this activity starts moving offshore, OTS would be made aware of it under this regulation and 
would assess and ensure that risks associated with the move are mitigated. 

Guidance — Thrift Bulletin 82 fTB 823 ‘Third Party Arrangements’ 

In March of 2003, OTS issued guidance to thrifts stating the agency's expectations with 
regard to all third party arrangements. The purpose of this bulletin was to apply the service 
provider guidance beyond what typically had been more narrowly interpreted as technology 
service providers. TB 82 now applies to any service provided by a third party. TB 82 also 
specifically incorporated new guidance with regard to foreign-based service providers: 

• Thrifts with existing 4 arrangements with foreign-based service providers were 
instructed to immediately notify OTS if they had a composite safety and 
soundness rating of 4 or 5 or were troubled. 

• Thrifts, on an ongoing basis, should notify OTS at least 30 days before entering 
into any new service provider arrangement with a foreign-based service provider. 5 

4 As of the date of issuance of TB 82, March 1 9 , 2003. 

5 for domestic service providers, TB 82 provides for a 30 day aSef-tHe-fact notlceamf ITmits the noticeto contracts 
outside tile normal course of business and significant to the operation or financial condition of the institution. 



119 


• Thrifts should include a contract provision with each foreign-based service 
provider recognizing that services it performs on behalf of the thrift are subject to 
OTS examination. A thrift’s use of a foreign provider, and the use of critical data 
and processes outside U.S. territory, must not compromise OTS’s ability to 
examine a thrift’s operations. Accordingly, OTS expects thrifts to establish 
relationships in a way that does not impede OTS’s access to data or information 
needed to supervise the thrift or to assess the safety and soundness of the thrift’s 
operations. 

• TB 82 also advises thrifts to include a provision in contracts with service 
providers allowing the thrift or OTS to terminate the contract, if the thrift 
becomes troubled or if OTS formally objects to the arrangement. 

Other OTS Initiatives Related to Foreign-Based Service Providers 

In addition to the Interagency and OTS-specifie activities related to foreign outsourcing, 
OTS has begun a number of additional initiatives to monitor this activity. For example, OTS 
recently performed an informal survey of our larger and more complex thrifts to obtain 
information regarding the type of activities being outsourced, where the provider is located, and 
whether the provider was affiliated with the thrift. 

OTS also maintains an Information Technology Database that is updated during each 
examination and that shows all significant service providers that have contracted with thrifts in 
the United States. This database is currently being updated to allow users to flag foreign service 
providers and make it easier to extract reports specific to them. 

Summary 

The use of foreign-based service providers is becoming a more common business 
practice. Proponents of this activity believe that the foreign-based services can be performed 
more effectively and efficiently. Indeed, cost savings are reported to be in the 40 percent to 60 
percent range in some cases. Proponents argue that even with the extra expenses of monitoring 
activities in an offshore arrangement, financial institutions can gain a better quality of service at 
a reduced price. 

Others argue that the cost of monitoring and managing off shore vendors, if done 
effectively, eliminates the cost savings for a majority of depository institutions, and that effective 
management of an offshore third party relationship may not even be feasible in certain political, 
economic, and legal environments. 



120 


OTS is mindful of the changes taking place and is monitoring this activity. While we 
generally do not interfere with offshore outsourcing arrangements that are implemented with 
adequate controls, we are prepared to intervene when appropriate controls are lacking. We 
stress to institutions that it is imperative that internal controls are in place to protect private 
customer information, regardless of where the electronic processing is performed. In addition, 
thrifts must be able to assure us that the provisions of the Bank Secrecy Act and the USA Patriot 
Act, aimed at deterring terrorist activity and money laundering, are implemented effectively at 
the financial institution and its service providers. 

Our examiners evaluate thrifts’ compliance with the OTS statutes, regulations, and 
guidance described above during our Safety and Soundness/Compliance and Information 
Technology examinations. OTS also has a group of highly skilled specialists in the information 
technology examination area that conduct intense IT examinations at large complex thrifts and 
their service providers. 

If you or your staff have any additional questions, please do not hesitate to contact me or 
Kevin Petrasic, Managing Director, External Affairs at (202) 906-6288, 

Sincerely, 


{jUZ'far' 

/ / James E. Gilleran 
// Director 




